[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE Delete payloads

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: IKE Delete payloads
From: Henry Spencer <henry@spsystems.net>
Date: Wed, 6 Sep 2000 13:43:34 -0400 (EDT)
In-Reply-To: <0B3F42CA1FB6D2118FE50008C7894B0A051A96A0@eseis06nok>
Sender: owner-ipsec@lists.tislabs.com

On Wed, 6 Sep 2000 antonio.barrera@nokia.com wrote:
> 	If IKE wants to send a Delete payload for an IPSEC SA it can only
> specify the SPI and protocol but not the destination address.
> - These are the 3 things that identify a IPSEC SA so how can IKE know which
> one should be erased? 
> - Or IKE assumes that the destination address is the LOCAL address? 

The wording here is not very clear, but the statement that the SPI is
"the sending entity's SPI", and the following NOTE indicating that
receiver->sender communication will fail if the Delete is ignored, makes
it pretty much necessary that the implicit destination address is that of
the sender.

                                                          Henry Spencer
                                                       henry@spsystems.net

References:

IKE Delete payloads

From: antonio.barrera@nokia.com

Prev by Date: Re: Connecting IPSec tunnels
Next by Date: RE: I-D ACTION:draft-lordello-ipsec-vpn-doi-00.txt
Prev by thread: IKE Delete payloads
Next by thread: IKE Delete payloads (clarification)
Index(es):
- Main
- Thread