
RE: Comments on draft-ietf-ipsec-ike-01.txt (long)



Doesn't this cause problems when B decides to rekey the SA (e.g. because
most of the traffic is B->A)? If A rejects the proposal because the
parameters are too weak it could be a long time before A decides to rekey
and the SA becomes usable again.

If this is the case I'd rather the system tell me immediately that it won't
work rather than at 2am tomorrow when it decides to rekey.

John

-----Original Message-----
From: Paul Koning [mailto:pkoning@xedia.com]
Sent: Thursday, June 03, 1999 4:48 PM
To: David_Mason@nai.com
Cc: dharkins@network-alchemy.com; ipsec@lists.tislabs.com
Subject: RE: Comments on draft-ietf-ipsec-ike-01.txt (long) 


>>>>> "Mason," == Mason, David <David_Mason@nai.com> writes:

 >> So I'll add such text and remove the lifetime discussion from 3.2.
 >> I will leave the SHOULD language for "negotiating up" the
 >> following:

 Mason,> I'd prefer to have it be a MAY because if A can successfully
 Mason,> initiate with B, B SHOULD be able to successfully initiate
 Mason,> with A and more often than not "negotiating up" will only
 Mason,> allow successful initiations from the stronger side.

I prefer Dan's proposal.  While it makes sense not to require
negotiating up, it seems right to recommend it.

The argument about symmetry is not all that convincing.  Is it better
for the sake of symmetry for A to refuse to talk to B (on the grounds
that B couldn't talk to A)?  I don't think so.  I'd rather have
connectivity.  But of course you're free to make the other choice.

	paul