Re: Phase 1 KB lifetime
I'd like to nip this in the bud. The "just go ahead and enforce a lifetime,
just don't tell me about it" combined with "implementations are not required
to interpret lifetime notifies" is probably the reason that people have
problems with rekeying.

It is _never_ a good idea to just enforce a lifetime without telling the
peer (assuming, as we all remember from 3rd grade, makes an ass out of you
and me). Similarly it is _never_ a good idea to ignore the lifetime notify
a peer gives you.

If it has to be expressly stated in the RFC (I'm a bit surprised by this
line of reasoning though) then so be it.

Dan.

On Tue, 18 Jan 2000 16:43:29 EST you wrote
>
> There are essentially two opinions concerning the removal of the kb lifetime
> notify -- one pro, one con:
>
> Pro: Implementations are not required to send lifetime notifies. If you want
> to enforce a kb lifetime, go ahead -- just don't tell me about it.
>
> Con: Implementations are not required to interpret lifetime notifies.
> Sending the kb lifetime notify does not hinder interoperability. In fact, as
> has been pointed out on this list before, not sending lifetime notifies can
> hinder interoperability with some implementations.