[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: simultaneous lifetime type support required?
-----BEGIN PGP SIGNED MESSAGE-----
To: "Scott G. Kelly" <skelly@redcreek.com>
Subject: Re: simultaneous lifetime type support required?
Cc: Roy Pereira <rpereira@TimeStep.com>, ipsec@tis.com
Date: 07/09/98, 13:50:08
In message <35A501E9.77B96C7C@redcreek.com>, "Scott G. Kelly" writes:
>
>The question has not been answered satisfactorily by any of the
>responses to date. Let me rephrase: where in the document set does it
>state that a system MUST/should/may support simultaneous specification
>of seconds/kbytes for SA lifetimes, terminating the SA depending upon
>which limit is reached first? I see a reference to multiple lifetimes in
>DOI (section 4.5.2), but this is just parsing info, and does not contain
>any language indicating the implementation status (must/may/should). I
>see no other references.
This is implied by the fact both lifetimes appeared in the same
proposal. Otherwise, one could ask "am I supposed to support 3DES
encryption and MD5 MAC simultaneously ?" which is what your question
sounds like. As the draft mentions (somewhere), the proposal is
accepted as a block.
- -Angelos
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQCVAwUBNaUC0r0pBjh2h1kFAQHSEAP/S/1ORB7NMjH2fxtFsQ7N9oPajMMNI3sX
GAgPzwkNTOCwzU03IT0YhbikdDCnjMeEJ4pfeLGI0CR1YtthsQRUxTYhcPcMIZA3
frqswkScXLnulWfTbeXR3KVTqsRAhAwT31YqsIpzuQi5PibPvlAxiIK8glFGHL4q
/iLx1fG9jqY=
=uNRj
-----END PGP SIGNATURE-----
Follow-Ups:
References: