Subject: Re: bin/28922: racoon leaves old SA's in kernel
To: None <kim@tac.nyc.ny.us>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: netbsd-bugs
Date: 01/10/2005 12:42:38
> >Synopsis: racoon leaves old SA's in kernel
The IPsec/IKE specification does not define how to re-negotiate keys
nor how to use old/new key, and behavior is totally
implementation-dependent. racoon and NetBSD are following the guidance in
draft-jenkins-ipsec-rekeying-xx (keep old key and use old key until
old key really expires).
itojun