[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-kink-kink-08.txt

To: ietf-kink@xxxxxxxx
Subject: Re: draft-ietf-kink-kink-08.txt
From: Shoichi Sakane <sakane@xxxxxxxx>
Date: Fri, 15 Jul 2005 16:08:29 +0900
In-reply-to: Your message of "Mon, 11 Jul 2005 07:50:20 +0900" <>
List-archive: <http://www.vpnc.org/ietf-kink/mail-archive/>
List-id: <ietf-kink.vpnc.org>
List-unsubscribe: <mailto:ietf-kink-request@vpnc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-kink@xxxxxxxxxxxxx

ISAKMP Delete payload can not indicate direction of SA.  The section 3.3
should describe that the payload contain which direction of SA.

   3.3.  DELETE Message Flow

      The DELETE command deletes existing SAs.  The DOI specific payloads
      describe the actual SA to be deleted.  For the IPSEC DOI, those
      payloads will include an ISAKMP payload containing the SPI to be
      deleted in each direction.

I would like to add the following text to clear it.

   The ISAKMP payload contains ISAKMP Delete payload(s) which is
   indicated to the inbound SA for the initiator of this flow.  KINK
   does not allow half-open SAs, thus when the responder receives a
   DELETE command, it MUST delete SAs of both sides, and MUST reply with
   ISAKMP Delete Payload which is also indicated to the inbound SA for
   the responder of this flow.  If the receiver cannot find an
   appropriate SPI to be deleted, it MUST return an ISAKMP notification
   with INVALID_SPI, which also serves to inform the initiator that it
   can delete the inbound SA.

References:
- draft-ietf-kink-kink-08.txt
  - From: Shoichi Sakane

Prev by Date: Re:
Previous by thread: draft-ietf-kink-kink-08.txt
Next by thread: I-D ACTION:draft-ietf-kink-kink-08.txt
Index(es):
- Date
- Thread