
Re: DOI and isakmp-oakley questions



>The DOI talks about key lifetimes computed "under" an ESP or AH SA,
>noting that derived keys must expire at the same time.  I don't
>understand what this means ... keys are computed under an ISA/Oak SA,
>not an ESP SA, aren't they?  What does the text mean?

Hilarie,

The only reference I can find to "under" in the latest draft is in the
discussion of SA lifetimes:

      SA Life Type
      SA Duration

	Specifies the time-to-live for the overall security
	association.  When the SA expires, all keys negotiated
	under the association (AH or ESP) must be renegotiated
	regardless of the time-to-live remaining for the keys.

I don't understand what a key lifetime "under" an ESP or AH SA would mean
either, so if it said that in the past, I must have fixed it.  If there's a
more specific section you think needs to be cleaned up that I missed,
either post it here or email it to me directly.

Thanks,

Derrell


