[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comments on jfk and ikev2 drafts
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Jan" == Jan Vilhuber <vilhuber@cisco.com> writes:
mcr> As far as I can tell, neither proposal yet explains to me how to *add* new
mcr> traffic to an existing IPsec SA without rekeying it.
Jan> I wasn't aware it was supposed to, although it's a feature of huge personal
Jan> interest. Is there some text in the drafct I missed? Can you point it out?
The key is that the protocol has some way to establish a new SA
independantly of setting the traffic selectors. Perhaps Cheryl can add a
section to her draft about selectors and adding/subtracting of selectors.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBPBfqt4qHRg3pndX9AQEnSAQApoYfO2nZHrM/tQHs9Cpt66NWxqBhP8VP
vF9pnY5VPq0q2o/I++ISHeEHV7D6Z4dA7KtLj1MAQiW3SmQkDuUytQjIeQVYhBHH
HnVpqhtyxIS5qks3ulxoMqjZ18xwXt08lhFUS96Q1DQn/svIkvwLp9jKsnOLBOk/
T1XAKolJ/tE=
=n/TB
-----END PGP SIGNATURE-----
References: