
Re: proposed IPSEC changes/extensions



> C: If "crypto period" or "SA life time" is an SA parameter, should they
>    be negotiated by key management protocol ? Perhaps as an attribute of a
>    transform in ISAKMP ?

Definitely.  The current isakmp-05 draft says:

   In particular, key lifetimes and SA lifetimes are purely a local
   issue, and should not be negotiated.

I think this is *very* wrong.  It means that a receiver can terminate
an SA while the sender still thinks it's valid... this will set off
false alarms when incoming traffic fails to decrypt/verify, and freeze
user traffic for several RTTs while the key mgmt protocols try to
resynchronize.  Very clumsy.

Note that negotiating a lifetime for the SA does *NOT* require
synchronized clocks; all it requires is a clock on each end with
frequency accurate to within a couple percent.

ISAKMP currently handles SA removal with explicit DELETE messages, but
it would be more efficient, in general, to let idle SAs expire
without the need to send messages (consider demand-dial links... you
probably want the SA to live longer than the demand-dial idle timeout,
and it would be silly to bring the link up just to send a DELETE
message).

				- Bill
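A small simulation of the argument in the message above (a local-only lifetime lets the receiver drop the SA while the sender still uses it; a negotiated lifetime needs no synchronized clocks, only a margin for clock-frequency error), added here as an example and not part of the thread. The lifetimes, the 2% drift rates and the one-packet-per-second traffic model are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Endpoint:
    name: str
    rate: float       # local clock seconds per true second (1.0 = perfect, 1.02 = 2% fast)
    lifetime: float   # SA lifetime in *local* clock seconds; SA is discarded once this elapses

    def local_time(self, true_t: float) -> float:
        return true_t * self.rate

    def sa_valid(self, true_t: float) -> bool:
        return self.local_time(true_t) < self.lifetime

def safe_rekey_local(negotiated_lifetime: float, max_drift: float) -> float:
    """Latest sender-local time to start rekeying so that a receiver running
    max_drift fast has not yet expired the SA even if the sender runs max_drift slow.
    Receiver expires at true time L/(1+d); sender-local t corresponds to true t/(1-d)."""
    return negotiated_lifetime * (1 - max_drift) / (1 + max_drift)

def drops_before_rekey(sender: Endpoint, receiver: Endpoint, rekey_at_local: float) -> int:
    """Count packets (one per true second, a constructed traffic model) the receiver
    rejects because it already discarded the SA while the sender still uses it."""
    drops, t = 0, 0.0
    while sender.local_time(t) < rekey_at_local:
        if not receiver.sa_valid(t):
            drops += 1
        t += 1.0
    return drops

def unnegotiated_case() -> int:
    # Lifetimes are "purely a local issue": each side picks its own; clocks are perfect.
    s = Endpoint("sender", 1.0, 3600.0)
    r = Endpoint("receiver", 1.0, 1800.0)
    return drops_before_rekey(s, r, s.lifetime)   # 1800 s of failed decrypt/verify

def negotiated_no_margin_case() -> int:
    # Both agree on 3600 s, but the sender rekeys at exactly that on a 2%-slow clock
    # while the receiver's clock runs 2% fast: a short window of drops remains.
    s = Endpoint("sender", 0.98, 3600.0)
    r = Endpoint("receiver", 1.02, 3600.0)
    return drops_before_rekey(s, r, 3600.0)

def negotiated_with_margin_case() -> int:
    # Same drift, but the sender rekeys at the drift-derived safe point: no drops.
    s = Endpoint("sender", 0.98, 3600.0)
    r = Endpoint("receiver", 1.02, 3600.0)
    return drops_before_rekey(s, r, safe_rekey_local(3600.0, 0.02))
```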