iSCSI - SA change

To: ni1d@arrl.net
Subject: iSCSI - SA change
From: Black_David@emc.com
Date: Thu, 23 May 2002 14:00:02 -0400
Cc: ips@ece.cmu.edu
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

Can we put an end to this rathole please?  This discussion thread
is about helping out implementers who ignore a SHOULD, an exercise
that strikes me as increasingly pointless.

Thanks,
--David

> Excerpt of message (sent 23 May 2002) by Black_David@emc.com:
> > [... various snips to focus on the SA replacement issue ...]
> > 
> > > > The encryption can probably be removed by negotiating a 
> new SA that
> > > > doesn't encrypt and deleting the old one, but that 
> still requires
> > > > ESP integrity.
> > > 
> > > Could we have a more complete example of this (SA changing in 
> > > mid-stride)?
> > 
> > It is literally as described - the sender sets up a new SA, 
> and deletes
> > the old one.  These are done via IKE in the usual fashion.
> 
> Unfortunately, it's NOT the usual fashion.  It would be extremely
> unusual, to say the least, for an IPsec implementation to be willing
> to offer both encrypted and unencrypted SAs to the same destination.
> 
> It is probably true that the protocol permits it, but as Milan pointed
> out, IPsec implementers will give you very funny looks if you suggest
> this to them.
> 
>      paul
>

Prev by Date: RE: Flipped locations between d11 and d12.
Next by Date: Re: [iSCSI]: Key negotiation procedure proposal
Prev by thread: Re: iSCSI : versions and draft no.s (fwd)
Next by thread: iSCSI: Data-In PDU having MaxBurstSize restriction for a sequence
Index(es):
- Date
- Thread

Home

Last updated: Thu May 23 17:18:33 2002
10268 messages in chronological order