Re: Do we actually need dynamic ports?

[Jan Vilhuber <vilhuber@cisco.com>]

On Fri, 5 Apr 2002, Bill Sommerfeld wrote:

> > - Keep a policy marker around and add or subtract relative to the marker
> > - Delete the old SA and create a new one when you want to add or subtract
>
> I hope you really mean:
>
> 	"create a new one, cut over to it, then delete the old one after a
> 	 suitable delay to allow packets in flight to land"
>

Yes yes. Picky picky.. ;)

> And, if so, I think this is preferable -- it avoids any ambiguity of
> interpretation with respect to the ordering of the selector add/delete
> vs. traffic in flight.
>

Well the draft that Pyda wrote changes the payload so that it's NOT
ambiguous (it tags each SA with a policy ID, so you always know
exactly which traffic-policy you're talking about (even if your SPI's
may change), and added an add/remove flag). But I agree that using
existing mechanisms (especially the TS payload and its expanded
capabilities) seems fine (assuming we clarify rekeying precisely).

jan
 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847