
Re: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.txt



Scott Fanning writes:
 > Er, you are right, but I don't see much movement on the ack'd notify front.
 > Since changing IKE is not allowed, this seemed like the easiest route to
 > move forward with. Also, acks could be lost as well, so 3b could happen in
 > the ACK'd case as well. I do not claim that this solves every problem, but I
 > think it is a simple solution that could be implemented in a short amount of
 > time, with little interop issues.

   If there were a son-of-ike, would this be a potential change?
   It seems like all that is necessary is to have a bit which
   requires the peer to send a (potentially empty) notification
   in response. 

   As far as the ACK lossage goes, there are two cases:

   1) initiator loses the response from respondent
   2) respondent loses ACK from initiator

   In case one, the initiator would be obliged to retransmit
   its request since it didn't get a response. In case two,
   it's just a matter of knowing when to *really* shutdown
   the SA so that in-flight packets aren't lost, if it keeps
   the SA open at all while waiting for the ACK. In that
   case, a grace timer which expires in lieu of the ACK
   is probably sufficient since it's really just a courtesy.
   If respondent needs a fail safe method, it can, as well,
   send the delete notification as an initiator.

	    Mike

 > 
 > Scott
 > ----- Original Message -----
 > From: "Michael Thomas" <mat@cisco.com>
 > To: <Internet-Drafts@ietf.org>
 > Cc: <IETF-Announce:;>; <ipsec@lists.tislabs.com>
 > Sent: Friday, July 27, 2001 6:39 AM
 > Subject: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.txt
 > 
 > 
 > >
 > > Er, wouldn't the more sensible thing to do here in
 > > general is to create a means of having a reliable
 > > Delete notification?  This is what KINK does, and
 > > seems a lot more sensible/robust overall. I'll
 > > note that this still seems to have the packet loss
 > > problem described in section 3b.
 > >
 > >   Mike
 > >
 > > Internet-Drafts@ietf.org writes:
 > >  > A New Internet-Draft is available from the on-line Internet-Drafts directories.
 > >  > This draft is a work item of the IP Security Protocol Working Group of the IETF.
 > >  >
 > >  > Title : Responder Lifetime Notify Message for IKE
 > >  > Author(s) : S. Fanning
 > >  > Filename : draft-ietf-ipsec-ike-lifetime-00.txt
 > >  > Pages : 5
 > >  > Date : 26-Jul-01
 > >  >
 > >  > This document describes how the RESPONDER-LIFETIME notify message,
 > >  > used within the ISAKMP DOI can be used to facilitate lifetime
 > >  > negotiation and rekeying.
 > >  >
 > >  > A URL for this Internet-Draft is:
 > >  >
 > >  > http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-lifetime-00.txt
 > >  >
 > >  > Internet-Drafts are also available by anonymous FTP. Login with the username
 > >  > "anonymous" and a password of your e-mail address. After logging in,
 > >  > type "cd internet-drafts" and then
 > >  > "get draft-ietf-ipsec-ike-lifetime-00.txt".
 > >  >
 > >  > A list of Internet-Drafts directories can be found in
 > >  > http://www.ietf.org/shadow.html
 > >  > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
 > >  >
 > >  >
 > >  > Internet-Drafts can also be obtained by e-mail.
 > >  >
 > >  > Send a message to:
 > >  > mailserv@ietf.org.
 > >  > In the body type:
 > >  > "FILE /internet-drafts/draft-ietf-ipsec-ike-lifetime-00.txt".
 > >  >
 > >  > NOTE: The mail server at ietf.org can return the document in
 > >  > MIME-encoded form by using the "mpack" utility.  To use this
 > >  > feature, insert the command "ENCODING mime" before the "FILE"
 > >  > command.  To decode the response(s), you will need "munpack" or
 > >  > a MIME-compliant mail reader.  Different MIME-compliant mail readers
 > >  > exhibit different behavior, especially when dealing with
 > >  > "multipart" MIME messages (i.e. documents which have been split
 > >  > up into multiple messages), so check your local documentation on
 > >  > how to manipulate these messages.
 > >  >
 > >  >
 > >  > Below is the data which will enable a MIME compliant mail reader
 > >  > implementation to automatically retrieve the ASCII version of the
 > >  > Internet-Draft.
 > >  > Content-Type: text/plain
 > >  > Content-ID: <20010726170632.I-D@ietf.org>
 > >  >
 > >  > ENCODING mime
 > >  > FILE /internet-drafts/draft-ietf-ipsec-ike-lifetime-00.txt
 > >  > Content-Type: text/plain
 > >  > Content-ID: <20010726170632.I-D@ietf.org>
 > 
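
Added example (not part of the original thread and not code from any IKE implementation): a small Python simulation of the acknowledged Delete exchange discussed in Mike's reply, run through both loss cases. The message names DELETE/RESPONSE/ACK, the timer values and the simulate() helper are assumptions made for illustration.

```python
def simulate(drops, rto=3, grace=6, max_tries=4, horizon=40):
    """Run one acknowledged-Delete exchange over a lossy link.

    drops: set of (kind, n) pairs; the n-th transmission of that kind is lost.
    Message names and timer values are illustrative assumptions.
    """
    sent = {"DELETE": 0, "RESPONSE": 0, "ACK": 0}
    wire = []                                   # (delivery_tick, kind)
    init = {"sa": True, "next_tx": 0, "tries": 0}
    resp = {"sa": True, "deadline": None, "closed_by": None}

    def send(kind, now):
        sent[kind] += 1
        if (kind, sent[kind]) not in drops:     # constructed loss pattern
            wire.append((now + 1, kind))        # one tick of link delay

    for now in range(horizon):
        due = [k for t, k in wire if t == now]
        wire[:] = [(t, k) for t, k in wire if t != now]
        for kind in due:
            if kind == "DELETE":
                # Respondent: start draining on the first copy, answer every copy.
                if resp["sa"] and resp["deadline"] is None:
                    resp["deadline"] = now + grace
                send("RESPONSE", now)
            elif kind == "RESPONSE":
                init["sa"] = False              # initiator may now drop the SA
                send("ACK", now)                # courtesy ACK, repeated for duplicates
            elif kind == "ACK" and resp["sa"]:
                resp["sa"], resp["closed_by"] = False, "ack"
        # Case 1: no response seen, so the initiator retransmits its request.
        if init["sa"] and now >= init["next_tx"] and init["tries"] < max_tries:
            init["tries"] += 1
            init["next_tx"] = now + rto
            send("DELETE", now)
        # Case 2: ACK never arrived, grace timer closes the SA instead.
        if resp["sa"] and resp["deadline"] is not None and now >= resp["deadline"]:
            resp["sa"], resp["closed_by"] = False, "grace-timer"
    return {"delete_sent": init["tries"], "initiator_sa": init["sa"],
            "responder_sa": resp["sa"], "closed_by": resp["closed_by"]}


if __name__ == "__main__":
    for label, drops in [("no loss", set()),
                         ("case 1: response lost", {("RESPONSE", 1)}),
                         ("case 2: ACK lost", {("ACK", 1)})]:
        print(label, simulate(drops))
```

If every copy of the request is lost, both ends still hold the SA when the initiator gives up, which is the situation where the respondent sending its own delete notification as an initiator serves as the fail-safe.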

