[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: simultaneous lifetime type support required?
>>>>> "Angelos" == Angelos D Keromytis <angelos@dsl.cis.upenn.edu> writes:
Angelos> In message <35A501E9.77B96C7C@redcreek.com>, "Scott G. Kelly" writes:
>>
>> The question has not been answered satisfactorily by any of the
>> responses to date. Let me rephrase: where in the document set does it
>> state that a system MUST/should/may support simultaneous specification
>> of seconds/kbytes for SA lifetimes, terminating the SA depending upon
>> which limit is reached first? I see a reference to multiple lifetimes in
>> DOI (section 4.5.2), but this is just parsing info, and does not contain
>> any language indicating the implementation status (must/may/should). I
>> see no other references.
Angelos> This is implied by the fact both lifetimes appeared in the same
Angelos> proposal. Otherwise, one could ask "am I supposed to support 3DES
Angelos> encryption and MD5 MAC simultaneously ?" which is what your question
Angelos> sounds like. As the draft mentions (somewhere), the proposal is
Angelos> accepted as a block.
The question is, MUST a compliant implementation accept such a proposal?
:!mcr!: | "Elegant and extremely rapid for calculation are the
Michael Richardson | techniques of Young tableaux. They also have the merit
| of being fun to play with." - p.47 Intro to Quarks&Partons
Personal: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
Corporate: <A HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>.
References: