[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISAKMP Delete Payload

To: Awan Kumar Sharma <awank@future.futsoft.com>
Subject: Re: ISAKMP Delete Payload
From: Henry Spencer <henry@spsystems.net>
Date: Wed, 20 Sep 2000 13:12:38 -0400 (EDT)
cc: "Ipsec (E-mail)" <ipsec@lists.tislabs.com>
In-Reply-To: <01C0234A.06A802C0.awank@future.futsoft.com>
Sender: owner-ipsec@lists.tislabs.com

On Wed, 20 Sep 2000, Awan Kumar Sharma wrote:
>   I am having a doubt in ISAKMP delete payload. One of the field specifies 
> the number of SPI's in the delete payload. According to my understanding 
> there will be two SPIs in the Delete payload for IPSec SA. One for the 
> Inbound SA and the other for the Outbound SA. Please correct me if I am 
> wrong.

Although the wording in the RFCs is confusing, I believe you're wrong.
IPsec SAs in Delete payloads are inbound (toward the sender of the Delete)
only.  Delete is an announcement ("I'm no longer accepting traffic on
these SAs"), not a request.  Note that the destination address is not
specified in Delete, so it must be taken to be the sender.

                                                          Henry Spencer
                                                       henry@spsystems.net

References:

ISAKMP Delete Payload

From: Awan Kumar Sharma <awank@future.futsoft.com>

Prev by Date: Re: SA byte lifetime
Next by Date: Re: TOS copying considered harmful
Prev by thread: ISAKMP Delete Payload
Next by thread: ISAKMP Delete Payload (2)
Index(es):
- Main
- Thread