[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: same SPI/different exchange

To: sommerfeld@East.Sun.COM
Subject: Re: same SPI/different exchange
From: Michael Thomas <mat@cisco.com>
Date: Mon, 30 Jul 2001 14:38:02 -0700 (PDT)
Cc: Michael Thomas <mat@cisco.com>, ipsec@lists.tislabs.com
In-Reply-To: <200107302130.f6ULUjS23345@thunk.east.sun.com>
References: <15205.52368.735204.207156@thomasm-u1.cisco.com><200107302130.f6ULUjS23345@thunk.east.sun.com>
Sender: owner-ipsec@lists.tislabs.com

Bill Sommerfeld writes:
 > > What is the intended behavior of IKE if you
 > > receive a proposal for a SPI which already exists?
 > 
 > If this happens, the peer is probably buggy ..

   Really? Doesn't this happen as a natural consequence of
   retransmissions? 

 > > Should the old one be deinstalled and the new one installed?
 > 
 > This sounds like the robust thing to do; I'd want to be careful to
 > ensure that the old and new instances were treated as "different"
 > (from the point of view any caching which might be going on..)

   Right. They could change proposals, etc too.

	  Mike

Follow-Ups:

Re: same SPI/different exchange

From: Bill Sommerfeld <sommerfeld@East.Sun.COM>

References:

same SPI/different exchange

From: Michael Thomas <mat@cisco.com>

Re: same SPI/different exchange

From: Bill Sommerfeld <sommerfeld@East.Sun.COM>

Prev by Date: Re: same SPI/different exchange
Next by Date: Re: same SPI/different exchange
Next by thread: AH length field, and derivation of name "SKEYID"
Index(es):
- Main
- Thread