Re: Phase 1 KB lifetime
At 11:22 AM 1/19/2000 -0500, Paul Koning wrote:
>Now consider a similar situation with byte count limits rather than
>time limits. And assume that the network is very lossy (because
>otherwise acked deletes work). In that case, the sender's byte count
>is substantially greater than the receiver's byte count. So the
>sender will rekey much sooner than the receiver expects.
>
>You get the same problem then, and responder-lifetime isn't any help.
But in that case, the sender *does* rekey. Rekeying sooner than
one expects shouldn't cause a problem, should it? The problem is
when you *don't* rekey and it's actually necessary to do so (which
is what my example illustrated and which RESPONDER-LIFETIME solves).
-Shawn Mamros
E-mail to: smamros@nortelnetworks.com