Re: Comments on draft-ietf-ipsec-ike-01.txt (long)
Lemme just note that the lifetime issue was discussed in Chicago almost
a year ago. It was included on the IKE/DOI errata page for about that
long and also discussed on the list. There was even a presentation-- in
Orlando, I think-- that discussed it. Nobody seemed to have any problem
with it... until now.
Dan.
On Wed, 02 Jun 1999 21:24:11 PDT I wrote
> At the last bakeoff there was unanimous consent to mandate the use
> of the acknowledged informational exchange to send delete messages
> when deleting an SA. At least there were lots of "yes"es and no
> "no"s when I asked and asked again just to make sure. If this text
> is added then the concern about accepting a phase 1 lifetime which
> is greater than the locally configured time goes away because you're
> guaranteed that the peer will receive your delete message.
>
> So I'll add such text and remove the lifetime discussion from 3.2.
> I will leave the SHOULD language for "negotiating up" the following:
>
> * encryption algorithms with a variable length key, block size,
> or number of rounds.
> * Diffie-Hellman groups of the same type.
>
> SHOULD is appropriate because, per RFC2119, in general it seems the
> right and prudent thing to do but there may exist valid reasons to not
> negotiate up and that behavior should be carefully considered before
> electing to do so.
>
> How does that sound?
>
> Dan.