Re: why is SA lifetime kilobyte limit disabled in racoon?

[Matthias Drochner <M.Drochner%fz-juelich.de@localhost>]

hsuenaga%iij.ad.jp@localhost said:
>  b. Use newest IPsec-SA to send and keep all IPsec-SAs to receive(Fast
> IPsec)

Btw, It seems that the way this is implemented in FAST_IPSEC
interprets the PFKEY RFC rather liberal: As I read it, the
RFC doesn't specify a DELETE message from kernel to userland.
It seems that the original plans were to do all key management
in userland.

Just wanted to mention this...

best regards
Matthias



------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDirig Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------

Besuchen Sie uns auf unserem neuen Webauftritt unter www.fz-juelich.de