[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Expiry based on traffic (kilobytes)

To: Roy Pereira <rpereira@TimeStep.com>
Subject: Re: Expiry based on traffic (kilobytes)
From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
Date: Sat, 04 Oct 1997 16:35:29 EDT
cc: "'IPSEC Mailing List'" <ipsec@tis.com>
In-reply-to: Your message of "Fri, 03 Oct 1997 15:18:16 EDT." <c=US%a=_%p=TimeStep_Corpora%l=TSNTSRV2-971003191816Z-2690@tsntsrv2.timestep.com>
Sender: owner-ipsec@ex.tis.com

-----BEGIN PGP SIGNED MESSAGE-----


In message <c=US%a=_%p=TimeStep_Corpora%l=TSNTSRV2-971003191816Z-2690@tsntsrv2.
timestep.com>, Roy Pereira writes:
>[1] Do we add all of the IP packet, or just the section that the SA
>secured (since an IP packet might have more than one SA transform it).  
>[2] Do we also add up the byte count from incoming packets?  
>[3] If so, do we count all of the packet, or just the section that was
>protected by the SA?

[1] Just the section that the SA secured; if the SA includes both
encryption and authentication, then only the encrypted bytes should be
counted.

[2] Incoming packets correspond to a different SA (since we have one
SA for each direction). You count those for their respective SA. Or
did i misunderstand the question ?

[3] Same as [1]

Cheers,
- -Angelos

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBNDaokL0pBjh2h1kFAQGxpgP+JziqHKrx+tUO0T0tLvTenjRaqS1ZtKER
HpL99SbixfZ+4S1UA3LmNse5izAXeGdiAr1ZDoS09B5XhkIW47jXF9EDvQ0o32Ce
E8qJV6o6ByzaquFj+NtNrSxmRgHwhfAlL4aT1XtdsDimlhx0tBBDWIZ0XtsvGyOw
241P1SQxVPk=
=WCIe
-----END PGP SIGNATURE-----

References:

Expiry based on traffic (kilobytes)

From: Roy Pereira <rpereira@TimeStep.com>

Prev by Date: Re: Internet Drafts -- AH and ESP specs
Next by Date: Re: change in isakmp/oakley
Prev by thread: Re: Expiry based on traffic (kilobytes)
Next by thread: Re: Expiry based on traffic (kilobytes)
Index(es):
- Main
- Thread