Subject: Re: bin/28922: racoon leaves old SA's in kernel
To: None <kim@tac.nyc.ny.us>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: netbsd-bugs
Date: 01/10/2005 12:42:38
> >Synopsis:       racoon leaves old SA's in kernel

	The IPsec/IKE specification does not define how to re-negotiate keys
	nor how to use the old/new key, and behavior is totally implementation-
	dependent.  racoon and NetBSD are following the guidance in
	draft-jenkins-ipsec-rekeying-xx (keep old key and use old key until
	old key really expires).

itojun