[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEv2 SA rekeying - naming an initial SA

To: ipsec@lists.tislabs.com
Subject: Re: IKEv2 SA rekeying - naming an initial SA
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 19 Aug 2003 11:10:33 -0400
In-reply-to: Your message of "Mon, 18 Aug 2003 22:32:05 EDT." <p05210603bb673c47be19@[12.159.173.175]>
Sender: owner-ipsec@lists.tislabs.com

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:
    Stephen> A while ago I proposed using the combination of the sender and
    Stephen> receiver SPIs, for a pair of SAs when we need to refer to them,
    Stephen> as we tend to create them in pairs and the numbers are unique
    Stephen> relative to the sender and receiver.

  This will work if you keep this number for all subsequent SAs which are
keyed. How we create the number isn't so important - what matters is that
there is a place to put it when we rekey.

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy");  [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys - custom hacks make this fully PGP2 compat

iQCVAwUBP0I95oqHRg3pndX9AQEeUQQAv/DGcjMWEON2TMVkkxJGjI811mSYl7Xp
tNxeTkllg9oQG0wDRdal9otf/XMGlKG6NFHqSFMOdNnHMIkH5Qjlqh+ht/zqMNft
11z0CFehVXAaNkHZ0i5yTnP3wjDMFOQq9j2ULBZAnntsozJVLUD+7pqbUqF4uIY+
2f+jdT2REH8=
=wV27
-----END PGP SIGNATURE-----

References:
- Re: IKEv2 SA rekeying - naming an initial SA
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: The remaining IKEv2 issues
Next by Date: Re: The remaining IKEv2 issues
Prev by thread: Re: IKEv2 SA rekeying - naming an initial SA
Next by thread: Re: IKEv2 SA rekeying - naming an initial SA
Index(es):
- Date
- Thread