
Re: Michael's comments on ikev2 draft



Henry Spencer <henry@spsystems.net> writes:

> This I will agree with.  While I believe that any implementation which
> relies on getting Deletes is unquestionably and inarguably broken -- not
> just different but verifiably *wrong* -- I concur that (a) such defective
> implementations do exist, (b) sending Delete improves interoperability
> with them, (c) much grief would have been avoided had these issues
> received proper attention in the standard, and (d) the next standard
> should not repeat the mistake.

Having a _reliable_ delete notification is, IMHO, a good idea.
REQUIRING deletes to happen is certainly wrong.  However there are
times when I know I want to _shut down_ ipsec and there is no way to
reliably do that remotely.

I know that my particular case is relatively wackball (I unfortunately
can't go into the details online).  But suffice it to say that if I
had a reliable delete notification it would have saved a lot of
hand-editing and meant that my server never needed to be touched.

>                                                           Henry Spencer
>                                                        henry@spsystems.net

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

