Re: DOI and isakmp-oakley questions
>The DOI talks about key lifetimes computed "under" an ESP or AH SA,
>noting that derived keys must expire at the same time. I don't
>understand what this means ... keys are computed under an ISA/Oak SA,
>not an ESP SA, aren't they? What does the text mean?
Hilarie,
The only reference I can find to "under" in the latest draft is in the
discussion of SA lifetimes:
    SA Life Type
    SA Duration
        Specifies the time-to-live for the overall security
        association. When the SA expires, all keys negotiated
        under the association (AH or ESP) must be renegotiated
        regardless of the time-to-live remaining for the keys.
I don't understand what a key lifetime "under" an ESP or AH SA would mean
either, so if it said that in the past, I must have fixed it. If there's a
more specific section you think needs to be cleaned up that I missed,
either post it here or email it to me directly.
Thanks,
Derrell