[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: QoS selectors (was LAST CALL: IKE)

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: QoS selectors (was LAST CALL: IKE)
From: Henry Spencer <henry@spsystems.net>
Date: Tue, 1 Jul 2003 11:19:46 -0400 (EDT)
In-Reply-To: <p05100306bb2750246768@[128.89.88.34]>
Sender: owner-ipsec@lists.tislabs.com

On Tue, 1 Jul 2003, Stephen Kent wrote:
> >The only thing that comes to mind is to add a notify payload when 
> >rekeying that identifies the SPI of
> >the SA being rekeyed. But this is a bits on wire change...
>
> ...Using the SPI to identify an SA being rekeyed avoids ambiguity, no 
> matter what the source, and that seems worthwhile.

This sounds like an excellent idea.  One substantial headache with IKEv1
was the extent to which the responding end had to *guess* what the
initiating end was really trying to do.  The fewer such ambiguities there
are, the better. 

                                                          Henry Spencer
                                                       henry@spsystems.net

References:
- Re: QoS selectors (was LAST CALL: IKE)
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: IKE negotiation for fragmentation controls in IPsec
Next by Date: Re: QoS selectors (was LAST CALL: IKE)
Prev by thread: Re: QoS selectors (was LAST CALL: IKE)
Next by thread: RE: QoS selectors (was LAST CALL: IKE)
Index(es):
- Date
- Thread