[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposed resolution to Issue 1

To: <ipsec@lists.tislabs.com>, <Charlie_Kaufman@notesdev.ibm.com>
Subject: Re: Proposed resolution to Issue 1
From: "Neal Taylor" <ntaylor@vitalsoft.com>
Date: Mon, 4 Aug 2003 09:31:19 -0700
References: <OF6516CEB0.497058C6-ON85256D75.0069282B-85256D75.006954C5@notesdev.ibm.com>
Sender: owner-ipsec@lists.tislabs.com

Charlie:

<snip>

> want to defer such sending.
> .sp
> The responder can be assured that the initiator is prepared to receive
> messages on an SA if either (1) it has received a cryptographically valid
> message on the new SA, or (2) the new SA rekeys an existing SA and it
> receives an IKE request to close the replaced SA.

Case (2) may happen for other reasons and so is not a reliable indicator
that the initiator is ready to receive. These other reasons include the
expiration of the SA lifetime during the rekeying process which could be the
result of a poorly configured system or unexpectedly high data rates.
_____________________________
Neal Taylor
Netlock Technologies
_____________________________

References:
- Proposed resolution to Issue 1
  - From: Charlie_Kaufman@notesdev.ibm.com

Prev by Date: Re: NAT-T, IKEv2, Vendor ID, port floating??
Next by Date: MS IPR on ikev2-08
Prev by thread: Proposed resolution to Issue 1
Next by thread: transform type 5 in ui-suites-03
Index(es):
- Date
- Thread