Can I assume from the Resounding Silence that no-one is implementing RESPONDER_LIFETIME Notify messages yet?
-- BEGIN included message
- To: Derrell Piper <ddp@network-alchemy.com>
- Subject: RESPONDER_LIFETIME message format query
- From: "C. Harald Koch" <chk@utcc.utoronto.ca>
- Date: Mon, 4 May 1998 15:45:49 -0400
- Cc: ipsec@tis.com
- Sender: owner-ipsec@ex.tis.com

The DOI says:

     4.6.3.1 RESPONDER-LIFETIME

     The RESPONDER-LIFETIME status message may be used to communicate the
     IPSEC SA lifetime chosen by the responder.

     When present, the Notification Payload MUST have the following format:

       o  Payload Length - set to length of payload + size of data (var)
       o  DOI - set to IPSEC DOI (1)
       o  Protocol ID - set to selected Protocol ID from chosen SA
>>>>   o  SPI Size - set to sixteen (16) (two eight-octet ISAKMP cookies)
       o  Notify Message Type - set to RESPONDER-LIFETIME (Section 4.6.3)
>>>>   o  SPI - set to the two ISAKMP cookies
       o  Notification Data - contains an ISAKMP attribute list with the
          responder's actual SA lifetime(s)

Why is the SPI here the ISAKMP SPI? Shouldn't it be the ISAKMP SPI iff the
lifetime in question is the Phase1 lifetime being 'adjusted', and the IPSEC
SPI iff the lifetime in question is the Phase2 lifetime?

Confused,

--
Harald Koch <chk@utcc.utoronto.ca>
-- END included message
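
The payload layout quoted above, as an added Python example that is not part of either message: it builds and strictly parses a RESPONDER-LIFETIME notification with the 16-octet cookie-pair SPI. The numeric constants (notify type 24576, ESP protocol ID 3, SA Life Type/Duration attribute numbers) and the 12-octet notification header are assumptions taken from the published RFC 2407 and RFC 2408, and the function names are hypothetical.

```python
import struct

IPSEC_DOI = 1                      # "DOI - set to IPSEC DOI (1)"
PROTO_IPSEC_ESP = 3                # assumption: RFC 2407 protocol ID
RESPONDER_LIFETIME = 24576         # assumption: RFC 2407 notify message type
SA_LIFE_TYPE, SA_LIFE_DURATION, LIFE_SECONDS = 1, 2, 1   # RFC 2407 attributes
HDR = struct.Struct("!BBHIBBH")    # next, rsvd, length, DOI, proto, SPI size, type

def encode_attrs(attrs):
    """Encode (type, int) pairs as ISAKMP data attributes."""
    out = b""
    for atype, value in attrs:
        if value < 0x10000:        # basic form: AF bit set, 2-octet value
            out += struct.pack("!HH", 0x8000 | atype, value)
        else:                      # variable form: type, length, 4-octet value
            out += struct.pack("!HHI", atype, 4, value)
    return out

def build_notify(icookie, rcookie, proto, attrs, next_payload=0):
    spi = icookie + rcookie        # SPI = the two eight-octet ISAKMP cookies
    data = encode_attrs(attrs)
    length = HDR.size + len(spi) + len(data)
    return HDR.pack(next_payload, 0, length, IPSEC_DOI, proto,
                    len(spi), RESPONDER_LIFETIME) + spi + data

def parse_notify(buf):
    """Parse one payload, rejecting anything that deviates from the format."""
    if len(buf) < HDR.size:
        raise ValueError("truncated notification header")
    _np, _rsv, length, doi, proto, spi_size, ntype = HDR.unpack(buf[:HDR.size])
    if length != len(buf) or HDR.size + spi_size > length:
        raise ValueError("inconsistent length fields")
    if doi != IPSEC_DOI or ntype != RESPONDER_LIFETIME:
        raise ValueError("not an IPSEC DOI RESPONDER-LIFETIME notify")
    if spi_size != 16:
        raise ValueError("SPI size must be 16 (two ISAKMP cookies)")
    spi, data, attrs = buf[12:28], buf[28:], []
    while data:
        if len(data) < 4:
            raise ValueError("truncated attribute")
        t, v = struct.unpack("!HH", data[:4])
        if t & 0x8000:             # basic form carries the value directly
            attrs.append((t & 0x7FFF, v)); data = data[4:]
        else:                      # variable form: v is the value length
            if len(data) < 4 + v:
                raise ValueError("attribute overruns payload")
            attrs.append((t, int.from_bytes(data[4:4 + v], "big")))
            data = data[4 + v:]
    return {"protocol": proto, "icookie": spi[:8], "rcookie": spi[8:], "attrs": attrs}

if __name__ == "__main__":         # constructed sample cookies, not real traffic
    pkt = build_notify(bytes(range(1, 9)), bytes(range(9, 17)), PROTO_IPSEC_ESP,
                       [(SA_LIFE_TYPE, LIFE_SECONDS), (SA_LIFE_DURATION, 3600)])
    print(pkt.hex(), parse_notify(pkt))
```
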