
List:       ipsec
Subject:    Re: Per-socket policy and ISAKMP
From:       Stephen Kent <kent () bbn ! com>
Date:       1998-01-23 23:20:22

Dan,

	The model I've been assuming calls for the SPD to be consulted when
a new SA is created, irrespective of whether one is the initiator or
responder.  If the intent of the local policy is to require SHA-1 for all
SAs, then that should be reflected in the policy database and I would
suggest that it result in a failed ISAKMP negotiation, to avoid later
discarding of packets.

Steve
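
The model described in the message above, sketched as an added example that is not part of the original message or of any IPsec implementation: the SPD is consulted at SA creation in either role, and a proposal that policy does not permit fails the negotiation instead of yielding an SA whose packets would later be discarded. All names (SpdEntry, spd_lookup, create_sa), the algorithm labels and the sample policy are hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class SpdEntry:
    selector: str            # remote network this entry covers
    allowed_auth: frozenset  # integrity algorithms local policy accepts

# Constructed sample policy: SHA-1 required for all SAs.
SPD = [SpdEntry("0.0.0.0/0", frozenset({"HMAC-SHA-1"}))]

class NegotiationFailed(Exception):
    """Raised so that no SA violating local policy is ever installed."""

def spd_lookup(spd, peer):
    """Return the first SPD entry whose selector covers the peer, else None."""
    addr = ipaddress.ip_address(peer)
    for entry in spd:
        if addr in ipaddress.ip_network(entry.selector):
            return entry
    return None

def create_sa(spd, peer, offered_auth, role):
    """Consult the SPD when an SA is created, as initiator or as responder.

    offered_auth lists algorithms in preference order: our own proposal
    when initiating, the peer's proposal when responding. The same policy
    check applies in both roles.
    """
    if role not in ("initiator", "responder"):
        raise ValueError(role)
    entry = spd_lookup(spd, peer)
    if entry is None:
        raise NegotiationFailed(f"no SPD entry covers {peer}")
    for alg in offered_auth:
        if alg in entry.allowed_auth:
            return {"peer": peer, "auth": alg, "role": role}
    raise NegotiationFailed(f"{role}: none of {offered_auth} permitted for {peer}")

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a constructed peer.
    print(create_sa(SPD, "192.0.2.10", ["HMAC-MD5", "HMAC-SHA-1"], "responder"))
    try:
        create_sa(SPD, "192.0.2.10", ["HMAC-MD5"], "responder")
    except NegotiationFailed as err:
        print("negotiation failed:", err)
```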
