[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Unspecified Lifetime

To: Slava Kavsan <bkavsan@ire-ma.com>
Subject: Re: Unspecified Lifetime
From: "Derrell D. Piper" <ddp@network-alchemy.com>
Date: Fri, 01 Oct 1999 11:54:09 -0700
cc: Kim Edwards <kimed@nortelnetworks.com>, "ipsec@lists.tislabs.com" <ipsec@lists.tislabs.com>
In-reply-to: Your message of "Fri, 01 Oct 1999 13:50:28 EDT." <37F4F464.C7258707@ire-ma.com>
Sender: owner-ipsec@lists.tislabs.com

>If you set lifetime to kilobytes (say 5KB), but then your session stops short of
>this limit (say at 4KB) - then without some large time-based lifetime limit it
>will be alive forever - I am not sure if I want this.

Slava,

That's a good point, however I expect that there might be situations where
folks really do want their SA's to stay around essentially forever (without
regard to the security implications thereof).  If we say that there's always
an overriding time-based expiration, there's now no way to negotiate that.  If
we leave it as it is (and/or with more clarification along the lines of my
earlier note), you can still configure the behavior you want by configuring a
time-based lifetime.  On the third hand, I don't have a lot of religion here.

Anyone else care to weigh in?

Derrell

Follow-Ups:

Re: Unspecified Lifetime

From: Slava Kavsan <bkavsan@ire-ma.com>

References:

Re: Unspecified Lifetime

From: Slava Kavsan <bkavsan@ire-ma.com>

Prev by Date: Re: Unspecified Lifetime
Next by Date: Re: Unspecified Lifetime
Prev by thread: Re: Unspecified Lifetime
Next by thread: Re: Unspecified Lifetime
Index(es):
- Main
- Thread