
Re: 2401bis Issue # 79 -- Detection of dead peers and dead SAs



Hi,
        I have submitted one draft that works with IKE v1. I submitted
        this to the list a long time back. If anybody is interested in it,
        write to me.
    Thanks
    Ravi



At 11:05 PM 9/26/03 -0400, Karen Seo wrote:
>Folks,
>
>Here's a description and proposed approach for:
>
>IPsec Issue #:  79
>
>Title:          Detection of dead peers and dead SAs
>
>Description:
>============
>In the absence of mechanisms to detect dead peers or dead SAs, an IPsec 
>system could waste resources by continuing to send traffic to a peer that 
>will discard the traffic.
>
>IKEv2 addresses these problems. IKEv2 explicitly contains a dead peer 
>detection mechanism.  IKEv2 specifies that a peer cannot close an SA 
>created using IKEv2 without either sending an IKEv2 "delete" message or 
>closing the IKE SA. This guarantees that there cannot be undetected dead 
>ESP or AH SAs. It does place a burden on implementations to keep the IKE 
>SA and the IPsec SA state synchronized.
>
>For IKEv1, vendors have implemented different mechanisms, some of which 
>are incompatible, but we have no plans to address this problem in the IKE 
>v1 context.
>
>Proposed approach:
>==================
>No change to 2401bis.
>
>
>Thank you,
>Karen

The views presented in this mail are completely mine. The company is not 
responsible for them whatsoever.

----------
Ravi Kumar CH
Rendezvous On Chip (I) Pvt Ltd
Hyderabad, INDIA

ROC HOME PAGE:
http://www.roc.co.in