
    iSCSI - SA change



    Can we put an end to this rathole please?  This discussion thread
    is about helping out implementers who ignore a SHOULD, an exercise
    that strikes me as increasingly pointless.
    
    Thanks,
    --David
    
    > Excerpt of message (sent 23 May 2002) by Black_David@emc.com:
    > > [... various snips to focus on the SA replacement issue ...]
    > > 
    > > > > The encryption can probably be removed by negotiating a new SA that
    > > > > doesn't encrypt and deleting the old one, but that still requires
    > > > > ESP integrity.
    > > > 
    > > > Could we have a more complete example of this (SA changing in 
    > > > mid-stride)?
    > > 
    > > It is literally as described - the sender sets up a new SA, and deletes
    > > the old one.  These are done via IKE in the usual fashion.
    > 
    > Unfortunately, it's NOT the usual fashion.  It would be extremely
    > unusual, to say the least, for an IPsec implementation to be willing
    > to offer both encrypted and unencrypted SAs to the same destination.
    > 
    > It is probably true that the protocol permits it, but as Milan pointed
    > out, IPsec implementers will give you very funny looks if you suggest
    > this to them.
    > 
    >      paul
    > 
    



Last updated: Thu May 23 17:18:33 2002