[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: simultaneous lifetime type support required?



Are there any recommended lifetimes (both in time and bytes encrypted) for
various ciphers for both phases?

----------------
Stephen Keung (skeung@rainbow.com)
Rainbow Technologies, Inc.
Internet Security Group

> -----Original Message-----
> From:	Roy Pereira [SMTP:rpereira@TimeStep.com]
> Sent:	Tuesday, July 07, 1998 2:28 PM
> To:	Scott G. Kelly; ipsec@tis.com
> Subject:	RE: simultaneous lifetime type support required?
> 
> You should be able to support both expiry types for both phase 1 and phase
> 2 SAs. 
> 
> Multiple occurrences of each expiry type is forbidden though. 
> 
> 
> > -----Original Message----- 
> > From: Scott G. Kelly [ <mailto:skelly@redcreek.com>] 
> > Sent: Tuesday, July 07, 1998 2:23 PM 
> > To: ipsec@tis.com 
> > Subject: simultaneous lifetime type support required? 
> > 
> > 
> > I recall a discussion regarding the case where lifetimes of both types 
> > are specified, i.e. 8 hours or 10MB, whichever occurs first. 
> > However, I 
> > don't recall the wg's disposition on this matter. 
> > Specifically, is this 
> > required for phase 1, 2, or both? 
> > 
> > I found text referring to this in DOI in section 4.5.2 (attribute 
> > parsing requirements for lifetime), but haven't found 
> > anything in ARCH. 
> > Anyone? 
> > 
> > 
> > 
>