[anonsec] details of IKE/IPsec channel binding
Nicolas Williams
Nicolas.Williams at sun.com
Sun Apr 1 15:46:49 PDT 2007
On Sun, Apr 01, 2007 at 05:35:34PM -0500, Nicolas Williams wrote:
> On Sun, Apr 01, 2007 at 05:44:30PM -0400, Michael Richardson wrote:
> > >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
> > Nicolas> This needs to work for IKEv1. Assuming that the IKE_SA is
> > Nicolas> still around is not a good assumption.
> >
> > I have no problem with requiring that the IKE_SA remain around.
> > Seriously.
>
> The channel initiator (client) can certainly keep it around. The
> server need not have any idea that it will have to keep it around.
Responding to myself: i.e., what if the server reboots or otherwise
loses IKE state?
Nico
--
More information about the ANONSEC
mailing list