At 2:29 PM -0800 12/16/09, Paul Hoffman wrote:
>Section 2.8.2 Simultaneous IKE SA Rekeying states:
>
>   If only one peer detects a simultaneous rekey, redundant SAs
>   are not created. In this case, when the peer that did not notice the
>   simultaneous rekey gets the request to rekey the IKE SA that it has
>   already successfully rekeyed, it MUST return TEMPORARY_FAILURE
>   because it is an IKE SA that it is currently trying to close (whether
>   or not it has already sent the delete notification for the SA).
>
>Section 2.25.2 (Collisions While Rekeying or Closing IKE SAs) states:
>
>   If a peer receives a request to close an IKE SA that it is
>   currently trying to close, it SHOULD reply as usual, and forget about
>   its own close request.
>
>Based on the text in Section 2.25.2 it seems that perhaps the MUST in
>Section 2.8.2 is really a SHOULD. Or, based on the text in 2.8.2, the
>SHOULD in 2.25.2 should be a MUST.

This got no response; does anyone have an opinion?

--Paul Hoffman, Director
--VPN Consortium