
Re: Phase 1 KB lifetime



At 11:22 AM 1/19/2000 -0500, Paul Koning wrote:
>Now consider a similar situation with byte count limits rather than
>time limits.  And assume that the network is very lossy (because
>otherwise acked deletes work).  In that case, the sender's byte count
>is substantially greater than the receiver's byte count.  So the
>sender will rekey much sooner than the receiver expects.
>
>You get the same problem then, and responder-lifetime isn't any help.

But in that case, the sender *does* rekey.  Rekeying sooner than
one expects shouldn't cause a problem, should it?  The problem is
when you *don't* rekey and it's actually necessary to do so (which
is what my example illustrated and which RESPONDER-LIFETIME solves).

-Shawn Mamros
E-mail to: smamros@nortelnetworks.com



