|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Error in ips-security-07This is the infamous "dangling SA" issue discussed in ipsec in the past. While I don't recall its resolution, the IKEv2 draft prohibits dangling SAs, and the IPS Security draft is taking the same position. OTOH, I seem to recall that IKEv1 implementations differ on whether dangling SAs are allowed. Paul - are you suggesting that prohibiting dangling SAs would unnecessarily exclude some IKEv1 implementations to our detriment? Thanks, --David --------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 42 South St., Hopkinton, MA 01748 +1 (508) 249-6449 *NEW* FAX: +1 (508) 497-8500 black_david@emc.com Cell: +1 (978) 394-7754 --------------------------------------------------- > -----Original Message----- > From: Paul Koning [mailto:ni1d@arrl.net] > Sent: Wednesday, January 23, 2002 7:10 PM > To: marjorie_krueger@hp.com; ips@ece.cmu.edu > Subject: RE: Error in ips-security-07 > > > Excerpt of message (sent 23 January 2002) by KRUEGER,MARJORIE > (HP-Roseville,ex1): > > Was this a typo?: > > > > > The text in the security draft is based on a mistaken > assumption. In > > > fact, sessions are not bound to Phase 2 SAs in the first > place -- only > > > to Phase 2 SAs. > > ^^^^^^^ > > Did you mean Phase 1 SAs? Otherwise this sentence doesn't > make sense? > > Oops, yes, that's a typo, but not that way around. Here's what I > meant: > > The text in the security draft is based on a mistaken assumption. > In fact, sessions are not bound to Phase 1 SAs in the first place -- > only to Phase 2 SAs. > > paul >
Home Last updated: Mon Jan 28 11:18:05 2002 8513 messages in chronological order |