
RE: SA negotiation

This sounds reasonable to me.  By sending multiple acceptable proposals, the
initiator is giving the responder a choice of which to choose.  The ISAKMP
protocol, by indicating that the proposals are ordered by preference, merely
conveys the initiator's preferences to the responder.

It is the responder's choice as to what proposal to choose, so it can choose
whichever is more favorable.  If there is more than one proposal that it
equally likes the most, then it is being respectful for the responder to
select the initiator's more favored one.

There are a couple things that contribute to my point of view here:
+ the initiator (in general) has no way to know what the responder's policies
and priorities are
+ a simple list of preferences does not convey how much the initiator prefers
one proposal over another, even if there were some metric by which to compare
the initiator's and responder's preferences
+ if the initiator can't trust the responder (the safe assumption), then it
shouldn't send out a proposal that is not acceptable


As for the key life duration negotiation issue, I agree that it makes sense to
go with the shorter-lived key proposal if the proposals only differ in the
lifetime of the key.  Given the number of possible lifetimes that can be
suggested, what are the chances that the initiator and responder come up with
the same value?  I don't know that answer, but it could be small.  And going
with the shorter lifetime is presumably the more secure alternative.

  Jim
-----Original Message-----
From:   owner-ipsec@portal.ex.tis.com 
Sent:   Tuesday, July 01, 1997 11:26 AM
To:     ipsec@tis.com
Subject:        SA negotiation
I disagree, if the Initiator makes more than one proposal, he is
relinquishing control.  If the proposer wants P1, he should only offer
P1.  If he will accept either then he must be prepared to have the
responder choose.

Another question on the subject:  Key life duration... if the initiator
proposal is identical to a responder policy except the key life
associated with the entry is different, e.g., initiator proposes P1 (key
life 100 seconds) and responder has a policy entry with key life of 150
seconds.  I think even though the entries don't match, the responder
should respond with 100 seconds (the more restrictive).  Comments?