David Wierbowski writes: > >Do you think it is legal to create a system where one Child SA can > >fail in such way that IKE SA cannot send delete notification? > > I do not think a robust IKE implementation would allow this.
I agree, and the current text says you cannot do that (i.e. it says taht if that is possible, you need to create Child SAs with separate IKE SAs). > >The current text says it is not legal, but your replacement text > >allows it. > > The current bis text is: > If a system creates Child SAs that can fail independently from one > another without the associated IKE SA being able to send a delete > message, then the system MUST negotiate such Child SAs using separate > IKE SAs. > > This text also does not prevent the above. It just says how the > children can be created. It says nothing about what happens when > they fail. It says that you are not allowed to do that, you MUST create such Child SAs on separate IKE SAs. Meaning that if you follow that MUST, then the Child SAs cannot fail independently from one another without the associated IKE SA being able to send a delete notification. I.e you must group IKE SA and the Child SAs in such way that they cannot fail independently. In worst case you need to create one IKE SA for one Child SAs. > >I do not think such setup should be allowed. I.e. if any of the Child > >SAs or the associated IKE SA fail, in such way that delete > >notification cannot be sent, then all the Child SAs AND the IKE SA > >needs to be destroyed. > > Then say that. Say if a Child SA fails and a delete notification > cannot be sent then the IKE SA must be deleted. Personally I think > you change how you interpret the sentence each time you respond which > just echoes Paul's original point, that the text is not clear. I am not changing the way I interpret the sentence, I am trying to explain to you that the current text provides solution for different cases, and covers lots of cases. I agree it might not be clear for some people, but I have not seen any better way to say the same text which would cover all the cases behind the original text. If you can provide such exact text, then we can look at that. I have not yet seen such text, meaning the current text is best we have now. I do not want the current text to be removed just because some people think it is not clear as for me it is clear enough and it is something that needs to be mentioned, and I have not seen better text to replace it. -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
