IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [Ipsec] Rekeying SA bundles
On Sat, Oct 01, 2005 at 02:23:19PM +0200, Alejandro Perez Mendez wrote:
>
> c) The REKEY_SA identifies only one of the SAs in the bundle, but this
> is enough to identify the entire SA bundle. The responder knows all the
> SPI values.
>From my point of view, this is the only option that really makes sense.
Anything else would seem to either waste space on the wire, require the
peer to keep extra state across multiple IKE messages or payloads, or
both.
--
Thor Lancelot Simon tls%rek.tjls.com@localhost
"The inconsistency is startling, though admittedly, if consistency is to be
abandoned or transcended, there is no problem." - Noam Chomsky
Home |
Main Index |
Thread Index |
Old Index