[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simultaneous lifetime type support required?



Angelos D. Keromytis wrote:
> This is implied by the fact both lifetimes appeared in the same
> proposal. Otherwise, one could ask "am I supposed to support 3DES
> encryption and MD5 MAC simultaneously ?" which is what your question
> sounds like. As the draft mentions (somewhere), the proposal is
> accepted as a block.
> - -Angelos

Not trying to be difficult here, just looking for a clarification.
Someone asked me if we're *required* to implement this and I said yes,
recalling prior discussion on this list. That person said the documents
don't support my assertion, and a quick re-read confirms that other than
the reference in DOI, this appears to be true. I'm asking if people here
agree that the documents don't explicitly require this, and what I hear
is that everyone thinks this is a requirement, but nobody can say where
the language is.

In general, when something is *required*, documents say 'MUST'. For the
sake of argument, I concede that the requirement is at least implied by
the reference in DOI, and that if one wishes to interoperate with
others, it is appropriate to support it. But DOI only refers to phase 2,
so what about phase 1? Is there language anywhere defining this? If not,
and if we want apply this same interoperability caveat to phase 1,
shouldn't there be language to that affect in either ISAKMP or ARCH?


Follow-Ups: References: