Re: 2401bis Issue # 79 -- Detection of dead peers and dead SAs
Hi,
I have submitted one draft that works with IKE v1. I have submitted
this to the list a long time back. If anybody is interested in it,
write to me.
Thanks
Ravi
At 11:05 PM 9/26/03 -0400, Karen Seo wrote:
>Folks,
>
>Here's a description and proposed approach for:
>
>IPsec Issue #: 79
>
>Title: Detection of dead peers and dead SAs
>
>Description:
>============
>In the absence of mechanisms to detect dead peers or dead SAs, an IPsec
>system could waste resources by continuing to send traffic to a peer that
>will discard the traffic.
>
>IKEv2 addresses these problems. IKEv2 explicitly contains a dead peer
>detection mechanism. IKEv2 specifies that a peer cannot close an SA
>created using IKEv2 without either sending an IKEv2 "delete" message or
>closing the IKE SA. This guarantees that there cannot be undetected dead
>ESP or AH SAs. It does place a burden on implementations to keep the IKE
>SA and the IPsec SA state synchronized.
>
>For IKEv1, vendors have implemented different mechanisms, some of which
>are incompatible, but we have no plans to address this problem in the IKE
>v1 context.
>
>Proposed approach:
>==================
>No change to 2401bis.
>
>
>Thank you,
>Karen
The Views Presented in this mail are completely mine. The company is not
responsible for whatsoever.
----------
Ravi Kumar CH
Rendezvous On Chip (I) Pvt Ltd
Hyderabad, INDIA
ROC HOME PAGE:
http://www.roc.co.in