[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Michael's comments on ikev2 draft
Henry Spencer <henry@spsystems.net> writes:
> This I will agree with. While I believe that any implementation which
> relies on getting Deletes is unquestionably and inarguably broken -- not
> just different but verifiably *wrong* -- I concur that (a) such defective
> implementations do exist, (b) sending Delete improves interoperability
> with them, (c) much grief would have been avoided had these issues
> received proper attention in the standard, and (d) the next standard
> should not repeat the mistake.
Having a _reliable_ delete notification is, IMHO, a good idea.
REQUIRING deletes to happen is certainly wrong. However there are
times when I know I want to _shut down_ ipsec and there is no way to
reliably do that remotely.
I know that my particular case is relatively wackball (I unfortunately
can't go into the details online). But suffice it to say that if I
had a reliable delete notification it would have saved a lot of
hand-editing and meant that my server never needed to be touched.
> Henry Spencer
> henry@spsystems.net
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
References: