Re: Comments about draft-ietf-ipsec-ike-01.txt
> Does anybody use KB lifetimes in IKE? I was asked to replace that with
> Kivinen's new "usage" lifetime. It doesn't seem like KB lifetimes in IKE
> make much sense since the traffic being protected is just IKE and cracking
> SKEYID_e doesn't give you SKEYID_d.
Do you mean for IKE SAs? Phase 2 (i.e. AH/ESP) SAs? Or both?
I agree with Kivinen in that for Phase 1, KB makes little to no sense. For
Phase 2, however, I can see some people not wanting to encrypt too many
bytes.
I haven't heard anyone beating down my door for KB (or bytes) lifetimes,
however.
Dan McD. (the other Dan :)