The premise is that the implementation supports just one set of SAs.

So both send out a request, and both receive the other request first, and then 
the response to their respective original request. If both peers now send out a 
DELETE to remove the SA initiated by the other side, they will end up with no 
SAs at all.  

That may be interop, but it’s not a good result.

Yoav

On May 5, 2014, at 10:56 PM, Nico Williams <n...@cryptonector.com> wrote:

> Also, it seems clear that any implementation that adheres to the spec
> as it is will either a) produce just one set of SAs in this case (see
> Paul's response), or b) propose N>=1 sets of SAs.  The (b) case should
> interop with the (a) case just fine, resulting in N==1 set of SAs.
> All three possible combinations of implementation behaviors should
> interop.
> 
> Nico
> --

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
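
The outcome described in the message above, as a small model added here (not part of the thread, and not code from any IKE implementation). The peer names A and B, the nonce values, and the lowest-nonce rule are assumptions for illustration; the thread proposes no particular tie-break.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SASet:
    initiator: str  # peer whose request created this set of SAs
    nonces: tuple   # (Ni, Nr) of that exchange; constructed sample values


def delete_peer_initiated(me, sa_sets):
    """Rule from the message: DELETE the set the other side initiated."""
    return {s for s in sa_sets if s.initiator != me}


def delete_lowest_nonce(me, sa_sets):
    """Hypothetical rule: close the set whose exchange used the lowest nonce.

    It depends only on values both peers hold, so both pick the same set.
    """
    if len(sa_sets) < 2:
        return set()
    return {min(sa_sets, key=lambda s: min(s.nonces))}


def simulate(rule_a, rule_b):
    """Return the SA sets that survive once both peers have sent DELETEs."""
    # The requests crossed on the wire, so each peer ends up holding both sets.
    sets = {
        SASet("A", (b"\x07", b"\x09")),
        SASet("B", (b"\x03", b"\x0b")),
    }
    # Each peer decides before it sees the other's DELETE (those cross too),
    # and a DELETE removes the set on both ends.
    doomed = rule_a("A", sets) | rule_b("B", sets)
    return sets - doomed


if __name__ == "__main__":
    cases = {
        "both delete peer-initiated": (delete_peer_initiated, delete_peer_initiated),
        "both use lowest-nonce rule": (delete_lowest_nonce, delete_lowest_nonce),
        "A lowest-nonce, B peer-initiated": (delete_lowest_nonce, delete_peer_initiated),
    }
    for name, (ra, rb) in cases.items():
        left = simulate(ra, rb)
        print(f"{name}: {len(left)} set(s) left", sorted(s.initiator for s in left))
```

The third case shows that one peer applying a shared rule is not enough: if the other still deletes by initiator, the two DELETEs can again cover both sets.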
