
Expiry based on traffic (kilobytes)



I think that the wording surrounding how to expire an SA based on traffic
should be clarified.  While one can use common sense to figure out this
issue for an Oakley SA, the IPSec SA is trickier. 

The problem is how does the traffic get counted.  

[1] Do we add all of the IP packet, or just the section that the SA
secured (since an IP packet might have more than one SA transform it).  
[2] Do we also add up the byte count from incoming packets?  
[3] If so, do we count all of the packet, or just the section that was
protected by the SA?



