[IPsec] Question on RFC 4718 section 5.11.8. Collisions with IKE_SA Rekeying

2009-02-11 Thread Keith Welter
RFC 4718 section 5.11.8. Collisions with IKE_SA Rekeying says: The case where CHILD_SAs are being closed is even worse. Our recommendation is that if a host receives a request to rekey the IKE_SA when it has CHILD_SAs in "half-closed" state (currently being closed), it should reply wi
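The ordering problem behind that recommendation, as an added example (not code from the thread, the RFC, or any IKEv2 implementation): a CHILD_SA is "half-closed" once a host has sent the INFORMATIONAL DELETE for it but has not yet received the response, and an IKE_SA rekey arriving in that window would carry the SA into the new IKE_SA while its deletion is still in flight. The model below rejects the rekey with a non-fatal notify while any child is half-closed, refuses to initiate one itself, and accepts once the delete completes. The notify name is an assumption for illustration: RFC 4718 suggests a non-fatal error such as NO_PROPOSAL_CHOSEN, and RFC 5996 later defined TEMPORARY_FAILURE for this case; SPIs and message tuples are constructed.

```python
from enum import Enum


class ChildState(Enum):
    ESTABLISHED = "established"
    HALF_CLOSED = "half-closed"   # DELETE sent, INFORMATIONAL response not yet received
    CLOSED = "closed"


# Non-fatal rejection used while a CHILD_SA is half-closed. RFC 4718 suggests
# NO_PROPOSAL_CHOSEN; RFC 5996 later introduced TEMPORARY_FAILURE (assumption:
# which one a given implementation sends is a local choice).
NON_FATAL_REJECT = "NO_PROPOSAL_CHOSEN"


class IkeSa:
    """Minimal responder-side view of one IKE_SA and its CHILD_SAs."""

    def __init__(self):
        self.children = {}          # child SPI -> ChildState
        self.rekeys_accepted = 0

    def add_child(self, spi):
        self.children[spi] = ChildState.ESTABLISHED

    def has_half_closed(self):
        return any(s is ChildState.HALF_CLOSED for s in self.children.values())

    def send_delete(self, spi):
        """We start closing a CHILD_SA: it is half-closed until the peer answers."""
        assert self.children[spi] is ChildState.ESTABLISHED
        self.children[spi] = ChildState.HALF_CLOSED
        return ("INFORMATIONAL", "DELETE", spi)      # constructed message tuple

    def recv_delete_response(self, spi):
        self.children[spi] = ChildState.CLOSED

    def recv_ike_rekey_request(self):
        """Peer sent CREATE_CHILD_SA rekeying the IKE_SA (RFC 4718 5.11.8 case)."""
        if self.has_half_closed():
            # Non-fatal: the peer retries after the pending DELETE has completed.
            return ("CREATE_CHILD_SA", "N", NON_FATAL_REJECT)
        self.rekeys_accepted += 1
        return ("CREATE_CHILD_SA", "SA", "accepted")

    def may_initiate_ike_rekey(self):
        """Mirror rule: do not start an IKE_SA rekey with a half-closed child."""
        return not self.has_half_closed()


def run_scenario():
    """Collision: our DELETE is in flight when the peer's IKE_SA rekey arrives."""
    sa = IkeSa()
    sa.add_child(0x1001)
    sa.add_child(0x1002)
    events = []
    sa.send_delete(0x1001)                       # 0x1001 is now half-closed
    events.append(sa.recv_ike_rekey_request())   # rejected non-fatally
    events.append(sa.may_initiate_ike_rekey())   # we must not rekey either
    sa.recv_delete_response(0x1001)              # delete completes
    events.append(sa.recv_ike_rekey_request())   # peer's retry is accepted
    return events


if __name__ == "__main__":
    for e in run_scenario():
        print(e)
```

The point of returning a non-fatal notify rather than dropping the request is that the peer's retransmission logic is not disturbed: it sees a complete exchange and simply retries the rekey later, by which time the DELETE has been answered and the child set to be carried over is unambiguous.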

Re: [IPsec] Bis issue #14: Bounding the retransmit time

2009-02-11 Thread Pasi.Eronen
Yoav Nir wrote:
> On the other hand, even with a window size of 1, the current text
> seems to suggest that the last packet should be retained
> indefinitely. This doesn't make sense, as the initiator of that
> packet is also bound by the "at least a dozen times over a period of
> at least several

Re: [IPsec] draft-kivinen-ipsecme-esp-null-heuristics comments

2009-02-11 Thread Tero Kivinen
Grewal, Ken writes:
> >Are QOS and auditing devices really stateless?
> >
> >I would expect QOS devices to have all kinds of reservation systems and
> >so on and for those I would expect them to be keeping state?
>
> [Ken] QoS may be applied on the need of the underlying service. E.g.
> A static ru

Re: [IPsec] draft-kivinen-ipsecme-esp-null-heuristics comments

2009-02-11 Thread Tero Kivinen
Grewal, Ken writes:
> [Ken] In some cases, the certainty must be 100%, otherwise there is
> no control. E.g. A new exploit has just been published for certain
> types of traffic - published vulnerability where a virus/worm can
> exploit a 'buffer overrun/stack overflow' condition for a given
> piec
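What a stateless middlebox can and cannot conclude from one ESP packet, as an added example for the two heuristics threads above (this is not the draft's reference code, nor Tero Kivinen's or Ken Grewal's; draft-kivinen-ipsecme-esp-null-heuristics was later published as RFC 5879). The draft's approach is to try each plausible ICV length, check that the trailer's padding follows the RFC 4303 default pattern 1, 2, 3, ... and that the Next Header value names a protocol whose inner header parses sanely. The code below does exactly that per packet, with no flow state. The candidate ICV lengths, the set of inner protocols checked, the sanity rules, and all packet bytes are assumptions constructed here; the ICVs are dummy bytes because a middlebox without the key cannot verify them.

```python
import struct

# Assumed candidate ICV lengths (bytes) for common ESP integrity algorithms.
CANDIDATE_ICV_LENS = (12, 16, 24, 32)
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17


def plausible_inner(proto, inner):
    """Cheap sanity checks on the inner header; assumed rules, not the draft's."""
    if proto == IPPROTO_UDP:
        if len(inner) < 8:
            return False
        udp_len = struct.unpack("!H", inner[4:6])[0]
        return udp_len == len(inner)          # UDP length must cover the datagram
    if proto == IPPROTO_TCP:
        if len(inner) < 20:
            return False
        data_off = inner[12] >> 4
        return 5 <= data_off <= 15 and data_off * 4 <= len(inner)
    if proto == IPPROTO_ICMP:
        return len(inner) >= 8
    return False                              # unknown protocol: no evidence


def esp_null_candidates(esp):
    """Return (icv_len, next_header) pairs under which `esp` looks like ESP-NULL.

    `esp` is the ESP header and everything after it: SPI(4) seq(4) payload
    pad padlen nexthdr ICV. ESP-NULL has no IV, so payload starts at offset 8.
    An empty list means "probably encrypted"; more than one entry means the
    heuristic is ambiguous for this packet.
    """
    if len(esp) < 8:
        return []
    found = []
    for icv_len in CANDIDATE_ICV_LENS:
        body = esp[8:len(esp) - icv_len]
        if len(body) < 2:
            continue
        next_hdr, pad_len = body[-1], body[-2]
        if pad_len + 2 > len(body):
            continue
        pad = body[-2 - pad_len:-2]
        if pad != bytes(range(1, pad_len + 1)):   # RFC 4303 default padding
            continue
        inner = body[:len(body) - 2 - pad_len]
        if plausible_inner(next_hdr, inner):
            found.append((icv_len, next_hdr))
    return found


def build_esp_null(spi, seq, next_hdr, inner, icv_len, block=4):
    """Constructed ESP-NULL packet builder (dummy ICV, default padding)."""
    pad_len = (-(len(inner) + 2)) % block     # ESP-NULL aligns the trailer to 4
    pad = bytes(range(1, pad_len + 1))
    icv = b"\xaa" * icv_len                   # placeholder, not a real ICV
    return struct.pack("!II", spi, seq) + inner + pad + bytes([pad_len, next_hdr]) + icv


def sample_udp_packet():
    # Constructed: UDP 0x1234 -> 53, length 13, checksum 0, payload "hello".
    udp = struct.pack("!HHHH", 0x1234, 53, 13, 0) + b"hello"
    return build_esp_null(0xDEADBEEF, 1, IPPROTO_UDP, udp, icv_len=12)


def sample_tcp_packet():
    # Constructed: TCP 40000 -> 443, seq/ack 0, data offset 5, SYN, window 65535.
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return build_esp_null(0xCAFEBABE, 7, IPPROTO_TCP, tcp, icv_len=16)


def sample_encrypted_like_packet():
    # Constructed: payload with no valid trailer under any candidate ICV length.
    return struct.pack("!II", 1, 1) + b"\xff" * 40


if __name__ == "__main__":
    for name, pkt in (("udp", sample_udp_packet()),
                      ("tcp", sample_tcp_packet()),
                      ("opaque", sample_encrypted_like_packet())):
        print(name, esp_null_candidates(pkt))
```

This is where the "100% certainty" point bites: the check is purely statistical. An encrypted payload whose last bytes happen to form a valid trailer and a parseable inner header will be accepted, and a genuine ESP-NULL packet whose sender uses non-default padding will be rejected, so a device that must block a specific exploit pattern with certainty cannot rely on this classification alone, while a QoS or audit device that tolerates occasional misclassification can.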