
Re: Comments about draft-ietf-ipsec-ike-01.txt



Tamir Zegman writes:
> Ok, I get your point, so let me ask you another question, what is a
> negotiation?

In my first mail I defined it like this:

----------------------------------------------------------------------
The negotiations should be defined so that all negotiations that use
SKEYID_d (consumes entropy from it) is counted as one negotiation,
those negotiations which do not use it (notifications, new group mode
etc) are not counted as negotiations here.
----------------------------------------------------------------------

I agree that negotiation is a bad word for that, perhaps we should use
some other. I don't want to use "quick mode negotiations" because if
somebody adds a new negotiation that is similar to quick mode then this
would not cover it.

> Is a notification a separate negotiation?

It doesn't consume any entropy from the SKEYID_d so it is not counted. 

> Is new group mode counted?

It doesn't consume any entropy from the SKEYID_d so it is not counted.

> What about IKE config?

It doesn't consume any entropy from the SKEYID_d so it is not counted.
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

