Re: Comments about draft-ietf-ipsec-ike-01.txt
Just phase 1. For the IPSec SAs it makes sense. But I don't see a
point in doing it for the IKE SA negotiated in phase 1.
Dan.
On Thu, 24 Jun 1999 14:08:55 PDT you wrote
> > Does anybody use KB lifetimes in IKE? I was asked to replace that with
> > Kivinen's new "usage" lifetime. It doesn't seem like KB lifetimes in IKE
> > make much sense since the traffic being protected is just IKE and cracking
> > SKEYID_e doesn't give you SKEYID_d.
>
> Do you mean for IKE SAs? Phase 2 (i.e. AH/ESP) SAs? Or both?
>
> I agree with Kivinen in that for Phase 1, KB makes little to no sense. For
> Phase 2, however, I can see some people not wanting to encrypt too many
> bytes.
>
> I haven't heard anyone beating down my door for KB (or bytes) lifetimes,
> however.
>
> Dan McD. (the other Dan :)