[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SA Attribute Negotiation

To: "'Greg Carter'" <carterg@entrust.com>, "'Daniel Harkins'" <dharkins@cisco.com>
Subject: RE: SA Attribute Negotiation
From: Roy Pereira <rpereira@TimeStep.com>
Date: Thu, 12 Dec 1996 19:48:11 -0500
Cc: "'ipsec@tis.com'" <ipsec@tis.com>, "'isakmp-oakley@cisco.com'" <isakmp-oakley@cisco.com>
Sender: owner-ipsec@ex.tis.com

>> I am a little unclear as to how to negotiate variable length SA
>> attributes, such as any of the Duration attributes.
>> 
>> Are these variable length attributes non negotiable?  Simply stated by
>> the initiator and accepted by the responder?
>> 
>> If not how are we supposed to handle differences in values?  It would
>> seem impractical to reject a proposal because the requested Key Duration
>> was not exactly that expected.  Is it local policy as to what to do
>> (i.e. accept shorter durations, but reject longer)?

I would like to see a standard length for some of the attributes, like
key durations.  If we decide upon a 32 bit integer to represent these
and other values, then all implementations would be able to handle these
attributes correctly.

But if one implementation sends out a key duration of 1^199 seconds and
codes it as a 128 bit integer, a lot of implementations will not be able
to utilize it and thus it will not accept that proposal.  We need to
define standard variable attribute that has a lenth of 32 bits.  This
would be used by attributes that need integers as values, but that can't
or dont wish to represent them as 16-bits with a basic attribute.

Prev by Date: No Subject
Next by Date: Another SA Attribute Question
Prev by thread: Re: SA Attribute Negotiation
Next by thread: RE: SA Attribute Negotiation
Index(es):
- Main
- Thread