
Re: Comments on draft-ietf-ipsec-ike-01.txt (long)



  At the last bakeoff there was unanimous consent to mandate the use
of the acknowledged informational exchange to send delete messages
when deleting an SA. At least there were lots of "yes"es and no
"no"s when I asked and asked again just to make sure. If this text
is added then the concern about accepting a phase 1 lifetime which
is greater than the locally configured time goes away because you're
guaranteed that the peer will receive your delete message.

  So I'll add such text and remove the lifetime discussion from 3.2.
I will leave the SHOULD language for "negotiating up" the following:

	* encryption algorithms with a variable length key, block size,
	  or number of rounds.
	* Diffie-Hellman groups of the same type.

SHOULD is appropriate because, per RFC2119, in general it seems the
right and prudent thing to do but there may exist valid reasons to not
negotiate up and that behavior should be carefully considered before
electing to do so.

  How does that sound?

  Dan.

On Wed, 02 Jun 1999 17:43:39 EDT Paul Koning wrote
> >>>>> "Dan" == Dan Harkins <dharkins@Network-Alchemy.COM> writes:
> 
>  Dan> The text specifically discusses "certain negotiable attributes
>  Dan> [that] have ranges or multiple acceptable values." It's not
>  Dan> discussing the relative strengths of different algorithms.
> 
> I realize that.  The key length case is clear.  The group number case
> could be misinterpreted as a comparison among algorithms, since some
> groups are MODP and some are elliptic curve.  The example is fine, but 
> you might want to clarify that it doesn't apply to, say, a local
> policy for group 2 and a proposal of group 3.
> 
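The "negotiating up" rule discussed in this thread, as an added illustration (not text or code from the draft or from either poster): a responder accepts a proposed value above its local policy only for attributes with a comparable range, and for Diffie-Hellman groups only within the same group type, so local group 2 versus proposed group 3 is refused. Group sizes for groups 1-4 are those of RFC 2409 and group 5 that of RFC 3526; `supported_max` is an assumed local implementation cap, not a protocol parameter.

```python
from typing import Dict, Tuple

# Oakley group id -> (group type, size of the modulus or field in bits).
# Groups 1-4 are the groups defined in RFC 2409; group 5 comes from RFC 3526.
DH_GROUPS: Dict[int, Tuple[str, int]] = {
    1: ("MODP", 768),
    2: ("MODP", 1024),
    3: ("EC2N", 155),
    4: ("EC2N", 185),
    5: ("MODP", 1536),
}


def accept_range_attribute(local: int, proposed: int, supported_max: int) -> bool:
    """Negotiate-up rule for attributes with a range of values (variable
    key length, block size, number of rounds): accept the local value or
    anything larger, capped at what this implementation can support.
    supported_max is an assumed local cap, not a protocol parameter."""
    return local <= proposed <= supported_max


def accept_dh_group(local_group: int, proposed_group: int) -> bool:
    """Negotiate-up rule for Diffie-Hellman groups: a proposed group is
    accepted only if it is of the same type as the local policy's group and
    at least as large. A MODP group is never treated as comparable with an
    elliptic-curve group, so local group 2 vs proposed group 3 is refused."""
    if local_group not in DH_GROUPS or proposed_group not in DH_GROUPS:
        return False  # unknown group: cannot compare, so do not negotiate up
    local_type, local_bits = DH_GROUPS[local_group]
    prop_type, prop_bits = DH_GROUPS[proposed_group]
    return prop_type == local_type and prop_bits >= local_bits


def enforced_phase1_lifetime(local_seconds: int, proposed_seconds: int) -> int:
    """With acknowledged delete messages mandatory, a peer lifetime longer
    than local policy can be accepted: the SA is deleted at the local expiry
    and the peer is guaranteed to learn of it. Returns the lifetime actually
    enforced, which is never longer than local policy."""
    return min(local_seconds, proposed_seconds)


if __name__ == "__main__":
    print(accept_range_attribute(128, 256, 256))  # True
    print(accept_dh_group(2, 5))                  # True: MODP-1024 -> MODP-1536
    print(accept_dh_group(2, 3))                  # False: MODP vs EC2N
    print(enforced_phase1_lifetime(3600, 86400))  # 3600
```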

