
Re: Comments about draft-ietf-ipsec-ike-01.txt



  Just phase 1. For the IPSec SAs it makes sense. But I don't see a
point in doing it for the IKE SA negotiated in phase 1.

  Dan.

On Thu, 24 Jun 1999 14:08:55 PDT you wrote
> >   Does anybody use KB lifetimes in IKE? I was asked to replace that with
> > Kivinen's new "usage" lifetime. It doesn't seem like KB lifetimes in IKE
> > make much sense since the traffic being protected is just IKE and cracking
> > SKEYID_e doesn't give you SKEYID_d.
> 
> Do you mean for IKE SAs?  Phase 2 (i.e. AH/ESP) SAs?  Or both?
> 
> I agree with Kivinen in that for Phase 1, KB makes little to no sense.  For
> Phase 2, however, I can see some people not wanting to encrypt too many
> bytes.
> 
> I haven't heard anyone beating down my door for KB (or bytes) lifetimes,
> however.
> 
> Dan McD. (the other Dan  :)

