Re: Comments on draft-ietf-ipsec-ike-01.txt (long)
  Lemme just note that the lifetime issue was discussed in Chicago almost
a year ago. It was included on the IKE/DOI errata page for about that
long and also discussed on the list. There was even a presentation-- in 
Orlando, I think-- that discussed it. Nobody seemed to have any problem 
with it... until now.

  Dan.

On Wed, 02 Jun 1999 21:24:11 PDT I wrote
>   At the last bakeoff there was unanimous consent to mandate the use
> of the acknowledged informational exchange to send delete messages
> when deleting an SA. At least there were lots of "yes"es and no
> "no"s when I asked and asked again just to make sure. If this text
> is added then the concern about accepting a phase 1 lifetime which
> is greater than the locally configured time goes away because you're
> guaranteed that the peer will receive your delete message.
> 
>   So I'll add such text and remove the lifetime discussion from 3.2.
> I will leave the SHOULD language for "negotiating up" the following:
> 
> 	* encryption algorithms with a variable length key, block size,
> 	  or number of rounds.
> 	* Diffie-Hellman groups of the same type.
> 
> SHOULD is appropriate because, per RFC2119, in general it seems the 
> right and prudent thing to do but there may exist valid reasons to not 
> negotiate up and that behavior should be carefully considered before 
> electing to do so.
> 
>   How does that sound?
> 
>   Dan.
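The argument in the quoted message is that accepting a peer's longer phase 1 lifetime is safe only if the peer is guaranteed to learn about the local expiry, which is what the acknowledged informational exchange (retransmit the delete until an acknowledgement comes back) provides. The model below is an added example, not code from the mail, the draft or any IKE implementation: it abstracts the delete and its acknowledgement as two message types over a lossy channel with a fixed drop schedule, and the SA identifier, message layout and retry count are assumptions of the model, not RFC 2409 wire formats.

```python
"""Model of the phase 1 lifetime / delete-message interaction discussed above.

Added example; the message shapes, cookie value and lossy channel are
constructed for illustration and are not IKE wire formats.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Phase1SA:
    cookie: str        # stand-in for the ISAKMP SA identifier (assumption)
    lifetime: int      # seconds this side intends to keep the SA
    alive: bool = True


class Peer:
    """One IKE endpoint holding a single phase 1 SA."""

    def __init__(self, name: str, local_lifetime: int) -> None:
        self.name = name
        self.local_lifetime = local_lifetime
        self.sa: Optional[Phase1SA] = None

    def accept_proposal(self, cookie: str, proposed_lifetime: int) -> int:
        """Accept the peer's lifetime even when it exceeds the local one.

        The SA is installed with the local limit; the gap between the two
        values is exactly what the mandated delete message has to cover.
        """
        effective = min(proposed_lifetime, self.local_lifetime)
        self.sa = Phase1SA(cookie, effective)
        return effective

    def handle(self, msg: Dict[str, str]) -> Optional[Dict[str, str]]:
        """Process an incoming message; a DELETE is idempotent and re-ACKed."""
        if msg["type"] == "DELETE" and self.sa and msg["cookie"] == self.sa.cookie:
            self.sa.alive = False
            return {"type": "ACK", "cookie": msg["cookie"]}
        return None


class LossyChannel:
    """Drops transmissions according to a fixed schedule (constructed input)."""

    def __init__(self, drop_schedule: List[bool]) -> None:
        self.drop_schedule = list(drop_schedule)
        self.log: List[str] = []

    def deliver(self, src: Peer, dst: Peer, msg: Dict[str, str]) -> Tuple[bool, Optional[Dict[str, str]]]:
        dropped = self.drop_schedule.pop(0) if self.drop_schedule else False
        self.log.append(f"{src.name}->{dst.name} {msg['type']} {'DROPPED' if dropped else 'ok'}")
        if dropped:
            return False, None
        return True, dst.handle(msg)


def delete_unacknowledged(src: Peer, dst: Peer, channel: LossyChannel) -> bool:
    """Fire-and-forget delete. Returns whether dst actually tore the SA down."""
    src.sa.alive = False
    channel.deliver(src, dst, {"type": "DELETE", "cookie": src.sa.cookie})
    return not dst.sa.alive


def delete_acknowledged(src: Peer, dst: Peer, channel: LossyChannel, max_tries: int = 3) -> int:
    """Acknowledged delete: retransmit until an ACK arrives.

    Returns the attempt number that succeeded, or 0 if all tries were lost.
    """
    src.sa.alive = False
    for attempt in range(1, max_tries + 1):
        delivered, ack = channel.deliver(src, dst, {"type": "DELETE", "cookie": src.sa.cookie})
        if not delivered:
            continue                      # DELETE lost: retransmit
        ack_delivered, _ = channel.deliver(dst, src, ack)
        if ack_delivered:
            return attempt                # peer confirmed the teardown
        # ACK lost: the peer already tore down, so a retransmit just re-ACKs
    return 0


def run_scenario(acknowledged: bool, drop_schedule: List[bool]) -> Tuple[bool, bool, List[str]]:
    """A proposes a day-long lifetime; B is configured for an hour.

    Returns (sender believes delete succeeded, A's SA is really gone, channel log).
    """
    a, b = Peer("A", 86400), Peer("B", 3600)
    a.sa = Phase1SA("c0ffee", a.local_lifetime)   # initiator keeps its own proposal
    b.accept_proposal("c0ffee", a.sa.lifetime)    # responder accepts but enforces 3600
    channel = LossyChannel(drop_schedule)
    if acknowledged:
        ok = delete_acknowledged(b, a, channel) > 0
    else:
        ok = delete_unacknowledged(b, a, channel)
    return ok, not a.sa.alive, channel.log


if __name__ == "__main__":
    for label, ack, sched in [("unacked, first packet lost", False, [True]),
                              ("acked, DELETE then ACK lost", True, [True, False, True, False, False])]:
        ok, gone, log = run_scenario(ack, sched)
        print(f"{label}: success={ok} peer_sa_torn_down={gone}")
        print("  " + " | ".join(log))
```

With a single lost packet the unacknowledged variant leaves A using an SA that B has already discarded for the remaining 23 hours of A's lifetime, which is the concern the lifetime discussion in 3.2 was addressing; the acknowledged variant only reports success once B has seen an ACK, and a lost ACK is harmless because A's handling of a repeated DELETE is idempotent.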