Re: Deletion of SA

[K SrinivasRao <srinu@trinc.com>]

At 12:22 PM 3/23/98 -0500, Bill Sommerfeld wrote:
>>     K> negotiated a new SA and will use that for future
>>     K> communications. Should H1 send a delete payload to delete H2's
>> 
>>   Yes. That should occur as part of the new SA being setup.
>>   A question though: is a "delete" too strong here? Perhaps a "please
>> delete this SA in X seconds" would be more appropriate? As a notify
>> perhaps? That would allow SA's to be negotiated in advance of being
>> used, and it also allows the network to drain.
>>   Someone tell me that this is already addressed, but I just missed
>> that part :-)
>
>Alternatively, you could put the burden of not sending the delete
>until the *sender* has reason to believe that all relevant traffic has
>drained from the net...
>

>For instance, in the case of per-connection keying, the sender could
>send a delete once the connection closed..

In the case of per-connection keying, the connection is closed only when
the application stops running. But here the case is different. The
application has still packets to send, but the SA has run out of
bytes(Note: we considered the case when SA has life time in byte counts)
and has to be renegotiated. Hence the H1(sender) can't wait till the
connection closes for sending a delete payload to H2. 
SrinivasRao. B. Kulkarni                             
Rendezvous On Chip Pvt Ltd.
First Floor, Plot No. 14,
NewVasaviNagar, Kharkhana,
SECUNDERABAD - 500019.
Ph : (040)7742606
email address : srinu@trinc.com