
RE: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.txt



> Er, wouldn't the more sensible thing to do here in
> general be to create a means of having a reliable
> Delete notification?  This is what KINK does, and
> seems a lot more sensible/robust overall. I'll
> note that this still seems to have the packet loss
> problem described in section 3b.

I don't think the issue is strictly a lost delete notification; rather, the
matter is also interoperability between those implementations that bind the
IKE and IPSec SAs together (otherwise known as "continuous channel mode")
and those that don't.  Some CCM implementations rely on pre-empting phase 1
rekeys to keep the IKE SAs up.  This is only always possible if something
like the Responder Lifetime message is sent -- if the RL message isn't sent,
the CCM implementation won't know when its peer intends to time its IKE SAs
out until it receives the delete notify.

In this situation, an ACKed delete notify won't be sufficient.

-g

> 		  Mike
>
> Internet-Drafts@ietf.org writes:
>  > A New Internet-Draft is available from the on-line
> Internet-Drafts directories.
>  > This draft is a work item of the IP Security Protocol Working
> Group of the IETF.
>  >
>  > 	Title		: Responder Lifetime Notify Message for IKE
>  > 	Author(s)	: S. Fanning
>  > 	Filename	: draft-ietf-ipsec-ike-lifetime-00.txt
>  > 	Pages		: 5
>  > 	Date		: 26-Jul-01
>  >
>  > This document describes how the RESPONDER-LIFETIME notify message,
>  > used within the ISAKMP DOI can be used to facilitate lifetime
>  > negotiation and rekeying.
>  >
>  > A URL for this Internet-Draft is:
>  >
>  > http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-lifetime-00.txt
 >
 > Internet-Drafts are also available by anonymous FTP. Login with the username
 > "anonymous" and a password of your e-mail address. After logging in,
 > type "cd internet-drafts" and then
 > 	"get draft-ietf-ipsec-ike-lifetime-00.txt".
 >
 > A list of Internet-Drafts directories can be found in
 > http://www.ietf.org/shadow.html
 > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
 >
 >
 > Internet-Drafts can also be obtained by e-mail.
 >
 > Send a message to:
 > 	mailserv@ietf.org.
 > In the body type:
 > 	"FILE /internet-drafts/draft-ietf-ipsec-ike-lifetime-00.txt".
 >
 > NOTE:	The mail server at ietf.org can return the document in
 > 	MIME-encoded form by using the "mpack" utility.  To use this
 > 	feature, insert the command "ENCODING mime" before the "FILE"
 > 	command.  To decode the response(s), you will need "munpack" or
 > 	a MIME-compliant mail reader.  Different MIME-compliant mail readers
 > 	exhibit different behavior, especially when dealing with
 > 	"multipart" MIME messages (i.e. documents which have been split
 > 	up into multiple messages), so check your local documentation on
 > 	how to manipulate these messages.
 >
 >
 > Below is the data which will enable a MIME compliant mail reader
 > implementation to automatically retrieve the ASCII version of the
 > Internet-Draft.
 > Content-Type: text/plain
 > Content-ID:	<20010726170632.I-D@ietf.org>
 >
 > ENCODING mime
 > FILE /internet-drafts/draft-ietf-ipsec-ike-lifetime-00.txt
 > Content-Type: text/plain
 > Content-ID:	<20010726170632.I-D@ietf.org>


