
IKEv2 IKE-SA rekey collision



Regarding draft-ietf-ipsec-ikev2-02.tx IKE-SA rekeying:

If there is a collision where both sides attempt to
rekey an IKE-SA at the same time, which one ends up
owning the child-SAs? 

It is possible to avoid this condition altogether by
simply using some value within the messages to determine
who will "win" the rekey. For example, the side whose
nonce has the greater value. Alternatively, one could 
use the initiator of the current IKE-SA to determine
who "wins" the rekey.

David
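
The two tie-break rules proposed in the message above, as an added example that is not part of the original post or of the draft: each peer evaluates the rule locally from the two rekey nonces and must reach the same winner without further messages. The peer labels, the function names, the unsigned-integer ordering of nonces and the fallback for equal nonces are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RekeyAttempt:
    sender: str   # hypothetical peer label, "A" or "B"
    nonce: bytes  # nonce that peer sent in its own rekey request

def nonce_value(nonce: bytes):
    # Order nonces as unsigned big-endian integers (an assumption; the post
    # only says "greater value"). Lengths may differ, so drop leading zero
    # octets and compare by length first, then octet by octet.
    stripped = nonce.lstrip(b"\x00")
    return (len(stripped), stripped)

def winner_by_nonce(mine, theirs, original_initiator):
    # First rule from the post: the side whose nonce is greater wins.
    a, b = nonce_value(mine.nonce), nonce_value(theirs.nonce)
    if a == b:
        # Equal nonces give no ordering; fall back to the second rule.
        return original_initiator
    return mine.sender if a > b else theirs.sender

def winner_by_initiator(mine, theirs, original_initiator):
    # Second rule from the post: the initiator of the current IKE-SA wins.
    return original_initiator

def resolve_collision(nonce_a, nonce_b, original_initiator, rule=winner_by_nonce):
    """Evaluate the rule from each peer's point of view and return the winner."""
    a, b = RekeyAttempt("A", nonce_a), RekeyAttempt("B", nonce_b)
    view_a = rule(a, b, original_initiator)  # peer A: mine=a, theirs=b
    view_b = rule(b, a, original_initiator)  # peer B: mine=b, theirs=a
    if view_a != view_b:
        # A usable tie-break must be symmetric, or both sides keep their SA.
        raise RuntimeError("peers disagree on the rekey winner")
    return view_a

if __name__ == "__main__":
    # Constructed sample nonces, not taken from any real exchange.
    low, high = bytes.fromhex("01" * 16), bytes.fromhex("02" * 16)
    print("nonce rule:", resolve_collision(low, high, "A"))
    print("equal nonces:", resolve_collision(low, low, "A"))
    print("initiator rule:", resolve_collision(low, high, "A", winner_by_initiator))
```

The winner returned here is the side whose new IKE-SA would take over the child-SAs; the losing side's rekey attempt is the one to abandon.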