On Tue, 25 Aug 2015, D. Hugh Redelmeier wrote:
"replaced" is not a concept in IKEv1. It is a weak notion in our code. There is no way to know if the other side shares that notion.
right.
Off the top of my head, without due diligence, I would say that if one SA is deleted, and it is the eroute owner, and there is an identical SA, it should be made the eroute owner.
But I think the "replaced" SA is not used anymore by the other end. Making it the eroute owner, I assume we would expect the remote peer to suddenly start encrypting to us with a different key? I am pretty sure they won't do that.

Paul
