
RE: Phase 1 Re-keying Implementation Identification




> -----Original Message-----
> From: Slava Kavsan [mailto:bkavsan@ire-ma.com]
> Sent: November 16, 1999 2:59 PM
> To: Ben McCann
> Cc: 'ipsec@lists.tislabs.com'
> Subject: Re: Phase 1 Re-keying Implementation Identification
> 
> 
> I have a question on "continuous" model re-keying:
> 
> If P1 lifetime is set to 7 min and P2 lifetime is set to 5 
> min - what do you do when
> P1 re-keys after 7 min - do you re-key P2 after 5+2 minutes also?
> 
> (Of course, in the "dangling" model - both phases re-key on 
> their own schedule
> independent from each other).
> 

There's no reason that any phase 2 re-keying changes with the continuous
channel model. Only the phase 1 SA re-keying is affected. In the continuous
channel model, you re-key the phase 1 SA some time *before* the 7 minutes is
up. In the dangling case, you let it expire if you haven't already deleted
it.

Phase 2 is re-keyed as needed, with the oldest phase 1 SA available
(continuous channel model), or with a new one if needed (dangling phase 2
model).
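
Added example, not part of the original message or of any IKE implementation: a small timeline simulation of the two models using the 7-minute phase 1 and 5-minute phase 2 lifetimes from the question. The 60-second re-key margin, the choice to re-key phase 2 exactly at its lifetime, and the function name `simulate` are assumptions made for illustration.

```python
# Added illustration: lifetimes come from the thread; REKEY_MARGIN is an assumption.
P1_LIFE = 7 * 60      # phase 1 SA lifetime, seconds (from the question)
P2_LIFE = 5 * 60      # phase 2 SA lifetime, seconds (from the question)
REKEY_MARGIN = 60     # assumed: continuous model re-keys P1 this long before expiry


def simulate(model, horizon=20 * 60):
    """Return a list of (time_s, event) for one peer over `horizon` seconds.

    model is "continuous" or "dangling". Phase 2 is re-keyed on its own
    5-minute schedule in both models; only phase 1 handling differs.
    """
    if model not in ("continuous", "dangling"):
        raise ValueError(model)
    events = [(0, "P1#0 established"), (0, "P2 established via P1#0")]
    p1_sas = [(0, 0)]            # (id, creation time) of live phase 1 SAs, oldest first
    next_id = 1
    for t in range(1, horizon + 1):
        # Continuous: replace the newest P1 SA before it expires (SAs overlap).
        if model == "continuous":
            _, born = p1_sas[-1]
            if t == born + P1_LIFE - REKEY_MARGIN:
                p1_sas.append((next_id, t))
                events.append((t, f"P1#{next_id} established (re-key before expiry)"))
                next_id += 1
        # Both models: a phase 1 SA past its lifetime is gone.
        for sa_id, born in list(p1_sas):
            if t >= born + P1_LIFE:
                p1_sas.remove((sa_id, born))
                events.append((t, f"P1#{sa_id} expired"))
        # Phase 2 re-keys every P2_LIFE regardless of phase 1 timing.
        if t % P2_LIFE == 0:
            if not p1_sas:       # only reachable in the dangling model
                p1_sas.append((next_id, t))
                events.append((t, f"P1#{next_id} established (needed for P2)"))
                next_id += 1
            events.append((t, f"P2 re-keyed via P1#{p1_sas[0][0]}"))
    return events


if __name__ == "__main__":
    for model in ("continuous", "dangling"):
        print(model)
        for t, what in simulate(model):
            print(f"  {t // 60:2d}:{t % 60:02d}  {what}")
```

In both runs phase 2 re-keys at 5, 10, 15 and 20 minutes; the models differ only in when phase 1 SAs are created and whether one is always available.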