Re: Comments about draft-ietf-ipsec-ike-01.txt
Tamir Zegman writes:
> Ok, I get your point, so let me ask you another question, what is a
> negotiation?
In my first mail I defined it like this:
----------------------------------------------------------------------
The negotiations should be defined so that all negotiations that use
SKEYID_d (consumes entropy from it) is counted as one negotiation,
those negotiations which do not use it (notifications, new group mode
etc) are not counted as negotiations here.
----------------------------------------------------------------------
I agree that negotiation is a bad word for that, perhaps we should use
some other. I don't want to use "quick mode negotiations" because if
somebody adds a new negotiation that is similar to quick mode then this
would not cover it.
> Is a notification a separate negotiation?
It doesn't consume any entropy from the SKEYID_d so it is not counted.
> Is new group mode counted?
It doesn't consume any entropy from the SKEYID_d so it is not counted.
> What about IKE config?
It doesn't consume any entropy from the SKEYID_d so it is not counted.
--
kivinen@iki.fi Work : +358-9-4354 3218
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/