
RE: Retransmits in traffic count?



The particular MIB in question refers to the ISAKMP DOI-independent MIB. All
of its objects are supposed to be based on RFC 2408. As it turns out, there
are no SA lifetime attributes defined in RFC 2408, suggesting that SA
lifetime objects and the like should be removed from that MIB, and placed
only in the DOI-dependent MIBs.

However, that raises another issue. If I understand the document advancement
process correctly, no document can go to RFC status if it refers to "works
in progress". If John and I move the SA lifetime objects to the DOI of 1
MIB, we can only refer to RFC 2409, which defines SA lifetimes as time and
traffic, not negotiations.

Further, I'm not sure that removing traffic lifetime limitations is a good
idea, for backwards compatibility if nothing else. I also don't understand
why it's a bad thing. Did we also decide that traffic based expiration of
phase 2 SAs was a bad thing? Don't they exist to allow users to limit the
exposure of encrypted material, potentially based on the strength of the
algorithm?

The only difficulty that I can see with phase 1 SA traffic lifetimes is what
to do if it expires in the middle of an exchange.

I don't object to adding negotiation limits for lifetime; I only object to
removing the existing traffic expiration.


> -----Original Message-----
> From: Dan Harkins [mailto:dharkins@Network-Alchemy.COM]
> Sent: August 5, 1999 1:57 PM
> To: Tim Jenkins
> Cc: Dan McDonald; ipsec@lists.tislabs.com
> Subject: Re: Retransmits in traffic count?
> 
> 
>   I thought that we were doing away with traffic-based lifetime for
> the IKE SA? That was suggested by Kivinen about 2 months ago. It sounded
> reasonable to me and no one complained. I was going to replace the
> traffic-based lifetime by "negotiations".
> 
>   Dan.
> 
> On Thu, 05 Aug 1999 08:44:32 EDT you wrote
> > Let me start again.
> > 
> > Should the traffic used in re-transmitting packets used in phase 1 SAs
> > while negotiating anything be counted against the traffic-based
> > lifetime of the SA?
> > 
> 
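An added illustration, not code from anyone in the thread, of why the retransmit question matters for the traffic-based phase 1 lifetime: the same lossy link exhausts a kilobyte budget far sooner when retransmitted packets are charged against it. The class, the three lifetime types (time, traffic, negotiations) and the sample sizes are assumptions chosen for the demonstration.

```python
from dataclasses import dataclass


@dataclass
class IkeSaLifetime:
    """Phase 1 (IKE) SA carrying the lifetime types discussed in the thread.

    max_seconds / max_kbytes follow the RFC 2409 time and traffic lifetimes;
    max_negotiations models the proposed "negotiations" replacement.
    count_retransmits is the open question: charge retransmits to kbytes or not?
    (All limits and sizes below are constructed for illustration.)
    """
    max_seconds: int
    max_kbytes: int
    max_negotiations: int
    count_retransmits: bool
    seconds: int = 0
    bytes_sent: int = 0
    negotiations: int = 0

    def send(self, nbytes: int, retransmit: bool = False) -> None:
        # A retransmit only consumes traffic lifetime under the "count" policy.
        if retransmit and not self.count_retransmits:
            return
        self.bytes_sent += nbytes

    def negotiate(self, payload_bytes: int, retransmits: int = 0) -> None:
        """One phase 2 negotiation: the original send plus its retransmits."""
        self.negotiations += 1
        self.send(payload_bytes)
        for _ in range(retransmits):
            self.send(payload_bytes, retransmit=True)

    def expired_reasons(self) -> list:
        """Which lifetime limits the SA has hit (empty list = still valid)."""
        reasons = []
        if self.seconds >= self.max_seconds:
            reasons.append("time")
        if self.bytes_sent >= self.max_kbytes * 1024:
            reasons.append("traffic")
        if self.negotiations >= self.max_negotiations:
            reasons.append("negotiations")
        return reasons


def negotiations_until_traffic_expiry(count_retransmits: bool) -> int:
    """Same lossy link (3 retransmits per 2 KB exchange) under each policy."""
    sa = IkeSaLifetime(3600, 10, 100, count_retransmits)
    while "traffic" not in sa.expired_reasons():
        sa.negotiate(payload_bytes=2048, retransmits=3)
    return sa.negotiations
```

With retransmits counted the 10 KB budget is gone after two negotiations; without them it lasts five, so the choice changes how often phase 1 rekeys on a lossy path.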

