[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISAKMP Delete Payload (2)

To: antonio.barrera@nokia.com
Subject: Re: ISAKMP Delete Payload (2)
From: Henry Spencer <henry@spsystems.net>
Date: Thu, 21 Sep 2000 17:23:20 -0400 (EDT)
cc: ipsec@lists.tislabs.com
In-Reply-To: <0B3F42CA1FB6D2118FE50008C7894B0A051A9752@eseis06nok>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 21 Sep 2000 antonio.barrera@nokia.com wrote:
> 	If IKE receives a Delete payload for an ISAKMP SA does it imply that
> the IPSEC SA negotiated by this ISAKMP SA must be deleted as well, or they
> can be left in use until they expire?

Generally, the latter.  In particular, identity PFS (section 8 of RFC 2409)
*requires* that IPsec SAs persist beyond the ISAKMP SA used to create them.

                                                          Henry Spencer
                                                       henry@spsystems.net

References:

ISAKMP Delete Payload (2)

From: antonio.barrera@nokia.com

Prev by Date: ipsec and win2k
Next by Date: QM optional payloads
Prev by thread: Re: ISAKMP Delete Payload (2)
Next by thread: RE: ISAKMP Delete Payload (2)
Index(es):
- Main
- Thread