Deletion of SA
K SrinivasRao <srinu@trinc.com> Mon, 23 March 1998 13:10 UTC
Date: Mon, 23 Mar 1998 18:56:42 +0500
To: ipsec@tis.com
From: K SrinivasRao <srinu@trinc.com>
Subject: Deletion of SA
Hi All,

Suppose the SA lifetime for the SA between H1 and H2 is in terms of Kbytes. Consider the scenario where H1 sends out messages which lead to expiry of an SA on H1 but the host H2 does not receive all the datagrams (which are lost). H1 goes ahead and negotiates a new SA since its SA has expired. However, H2's SA does not expire since it has not received all the messages.

Now, if this SA in H2 is not shared between security policy entries, it will remain forever (until the system reboots) as H1 would have negotiated a new SA and will use that for future communications. Should H1 send a delete payload to delete H2's SA? What happens if it is not sent?

In the same context, if the sequence counter in the sender H1 recycles and the anti-replay service is enabled, H1 starts negotiation of a new SA to send this packet on. How does H2 delete the SA it has? By getting a delete payload from H1? Or does it expire in the normal way?