
Re: Comments about draft-ietf-ipsec-ike-01.txt



>   Does anybody use KB lifetimes in IKE? I was asked to replace that with
> Kivinen's new "usage" lifetime. It doesn't seem like KB lifetimes in IKE
> make much sense since the traffic being protected is just IKE and cracking
> SKEYID_e doesn't give you SKEYID_d.

Do you mean for IKE SAs?  Phase 2 (i.e. AH/ESP) SAs?  Or both?

I agree with Kivinen in that for Phase 1, KB makes little to no sense.  For
Phase 2, however, I can see some people not wanting to encrypt too many
bytes.

I haven't heard anyone beating down my door for KB (or bytes) lifetimes,
however.

Dan McD. (the other Dan  :)

