[Worm-can-opener hat] I'm ok with that.
Scott Moonen (smoo...@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen
From:
Paul Hoffman
To:
IPsecme WG
Date:
01/10/2010 07:26 PM
Subject:
Re: [IPsec] Issue #128: Can implementations not reply ful
At 10:55 AM -0800 12/15/09, Paul Hoffman wrote:
>Section 1.4.1 says: Normally, the reply in the INFORMATIONAL exchange will
>contain delete payloads for the paired SAs going in the other direction. There
>is one exception. If by chance both ends of a set of SAs independently decide
>to close the
David Wierbowski writes:
> I'm not sure I'm going to buy that garage door opener if I have to wait for
> dead peer detection before I can open or close it again :>).
You don't, if the device is already sleeping, and you press the
button again it wakes up, creates NEW IKE SA and the IPsec SA and
se
2009 05:55 AM
Subject: Re: [IPsec] Issue #128: Can implementations not reply full
Yoav Nir writes:
> I would actually rather remove the "MUST NOT unilaterally close
> them" and replace it with "may unilaterally close them".
You MAY close the IKE SA and that will take care of the SAs. You MUST
NOT unilaterally close them.
> But wait, there's something weird here.
>
>From the P
Yoav Nir writes:
> Section 1.4.1 also says:
>
> "A node MAY refuse to accept incoming data on half-closed
>connections but MUST NOT unilaterally close them and reuse the SPIs."
>
> So if your peer is only responding with empty INFORMATIONAL
> responses to your deletes, you're going to accumul
Paul Hoffman writes:
> Section 1.4.1 says: Normally, the reply in the INFORMATIONAL
> exchange will contain delete payloads for the paired SAs going in
> the other direction. There is one exception. If by chance both ends
> of a set of SAs independently decide to close them, each may send a
> delet
__
> From: ipsec-boun...@ietf.org [ipsec-boun...@ietf.org] On Behalf Of Paul
> Hoffman [paul.hoff...@vpnc.org]
> Sent: Tuesday, December 15, 2009 20:55
> To: IPsecme WG
> Subject: [IPsec] Issue #128: Can implementations not reply fully to Deletes?
>
> Section 1.
.
Thanks,
Yaron
From: ipsec-boun...@ietf.org [ipsec-boun...@ietf.org] On Behalf Of Yoav Nir
[y...@checkpoint.com]
Sent: Wednesday, December 16, 2009 12:01 AM
To: Paul Hoffman; IPsecme WG
Subject: Re: [IPsec] Issue #128: Can implementations not reply fully to Deletes?
Sec
and more stale inbound SAs. One of
these statements has to go.
From: ipsec-boun...@ietf.org [ipsec-boun...@ietf.org] On Behalf Of Paul Hoffman
[paul.hoff...@vpnc.org]
Sent: Tuesday, December 15, 2009 20:55
To: IPsecme WG
Subject: [IPsec] Issue #128: Can impl
Section 1.4.1 says: Normally, the reply in the INFORMATIONAL exchange will
contain delete payloads for the paired SAs going in the other direction. There
is one exception. If by chance both ends of a set of SAs independently decide
to close them, each may send a delete payload and the two reques
11 matches
Mail list logo
