We can't really prescribe actions for (presumably older) implementations that don't support this spec.
Such implementations will do what it says in RFC 4306 and the clarifications document: TEMPORARY_FAILURE is an error notification, so therefore the exchange failed. In that case the old SA remains until this or the other end deletes it. If the other side has rekeyed, we're fine. On Jan 20, 2010, at 11:03 PM, Paul Hoffman wrote: > 2.8.2: we should add a sentence on what happens if the peer receives > TEMPORARY_FAILURE and does not understand it (because it's new to this spec). > > --Paul Hoffman, Director > --VPN Consortium > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > > Scanned by Check Point Total Security Gateway. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
