RE: Error in ips-security-07

[Black_David@emc.com]

This is the infamous "dangling SA" issue discussed in ipsec
in the past.  While I don't recall its resolution, the IKEv2
draft prohibits dangling SAs, and the IPS Security draft is
taking the same position.  OTOH, I seem to recall that IKEv1
implementations differ on whether dangling SAs are allowed.
Paul - are you suggesting that prohibiting dangling SAs
would unnecessarily exclude some IKEv1 implementations to
our detriment?

Thanks,
--David  
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 249-6449 *NEW*      FAX: +1 (508) 497-8500
black_david@emc.com         Cell: +1 (978) 394-7754
---------------------------------------------------

> -----Original Message-----
> From: Paul Koning [mailto:ni1d@arrl.net]
> Sent: Wednesday, January 23, 2002 7:10 PM
> To: marjorie_krueger@hp.com; ips@ece.cmu.edu
> Subject: RE: Error in ips-security-07
> 
> 
> Excerpt of message (sent 23 January 2002) by KRUEGER,MARJORIE 
> (HP-Roseville,ex1):
> > Was this a typo?:
> >  
> > > The text in the security draft is based on a mistaken 
> assumption.  In
> > > fact, sessions are not bound to Phase 2 SAs in the first 
> place -- only
> > > to Phase 2 SAs. 
> >       ^^^^^^^
> > Did you mean Phase 1 SAs?  Otherwise this sentence doesn't 
> make sense?
> 
> Oops, yes, that's a typo, but not that way around.  Here's what I
> meant:
> 
>   The text in the security draft is based on a mistaken assumption.
>   In fact, sessions are not bound to Phase 1 SAs in the first place --
>   only to Phase 2 SAs.
> 
>         paul
>