
RE: Phase 1 KB lifetime



Dan:

> You can delete your SAs anytime you want. You can set a panic timer to
> reboot your box every hour on the hour. That does not violate the
> protocol. What I was saying is that when someone sends you a message
> telling you that the lifetime you just negotiated should be less you
> should not just skip over it and go merrily on your way assuming that
> the SA will be deleted when, in fact, it will not. That way lies
> problems.
> 
> I'm not talking about forbidding perfectly common sense things (which,
> by the way don't really have much to do with the protocol) I'm talking
> about requiring perfectly common sense things (which do).

Andrew:

Fine. As I said, our code has support for the responder lifetime notify. We
send it and parse it. If the responder adjusts the lifetime, we honour it
AND we send the delete. I'm not arguing with you on this point.

I'm saying that if someone was paranoid enough to want to expire their SAs
based on a kb lifetime, which is a possible weakness (even if some consider
it too unlikely or too unworthy to protect against), then they should go
ahead and delete their SAs regardless of whether there is an assigned magic
number for kb lifetimes in the draft.


Should they send a responder lifetime notify regarding this constraint?

On one hand, you are saying that an implementation should notify the peer of
all of its lifetime constraints. On the other hand, you want to remove (or
at least deprecate) the magic number associated with this lifetime
constraint.

If the user values strict security over strict standards compliance then
they have no choice but to enforce the kb lifetime rule without sending a
notify.

If you want to prevent implementations which enforce local kb lifetime rules
from sending a notify then fine... just don't try to legislate policy.

Andrew
_______________________________________________
 Beauty without truth is insubstantial.
 Truth without beauty is unbearable.
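As an added illustration of the behaviour described in this exchange (honour a responder lifetime notify that shortens the SA, enforce a local kb lifetime whether or not the draft assigns it a number, and send the delete when either limit is hit); this is not code from the thread or from any IKE implementation, and the class name, method names and SA identifiers are assumptions:

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class PhaseOneSA:
    """One Phase 1 SA with the two lifetime limits discussed above."""
    spi: str                          # constructed identifier for this SA
    seconds: int                      # negotiated time lifetime
    kilobytes: Optional[int] = None   # local kb lifetime; None means no kb limit
    elapsed: int = 0                  # seconds the SA has been in use
    bytes_used: int = 0               # bytes protected under the SA
    deleted: bool = False
    sent: List[Tuple[str, str]] = field(default_factory=list)  # outbound notifies

    def responder_lifetime(self, seconds: Optional[int] = None,
                           kilobytes: Optional[int] = None) -> None:
        """Honour a RESPONDER-LIFETIME notify from the peer.

        The peer may only shorten what was negotiated; a longer value is
        ignored rather than extending the SA.
        """
        if seconds is not None and seconds < self.seconds:
            self.seconds = seconds
        if kilobytes is not None and (self.kilobytes is None
                                      or kilobytes < self.kilobytes):
            self.kilobytes = kilobytes

    def tick(self, secs: int) -> None:
        """Advance the clock and expire the SA if the time limit is reached."""
        self.elapsed += secs
        self._expire_if_exhausted()

    def protect(self, nbytes: int) -> None:
        """Account for traffic protected by this SA (e.g. a Phase 2 exchange)."""
        if self.deleted:
            raise RuntimeError(f"SA {self.spi} was already deleted")
        self.bytes_used += nbytes
        self._expire_if_exhausted()

    def _expire_if_exhausted(self) -> None:
        # The kb limit is enforced locally whether or not the peer was told
        # about it; the DELETE is what keeps the peer from using a dead SA.
        over_time = self.elapsed >= self.seconds
        over_kb = (self.kilobytes is not None
                   and self.bytes_used >= self.kilobytes * 1024)
        if (over_time or over_kb) and not self.deleted:
            self.deleted = True
            self.sent.append(("DELETE", self.spi))
```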