RE: Phase 1 KB lifetime
Okay. I'm fine with that.
So why did we have this whole discussion? It seems like we were only arguing
over semantics.
I would define "lifetime" as something like: "a predetermined longevity
constraint that does not depend on transient conditions".
I think that you define "lifetime" as: "a longevity constraint that has a
magic number assigned to it in IKE".
Maybe we need to clarify our definitions when we start violently agreeing.
Andrew
_______________________________________________
Beauty without truth is insubstantial.
Truth without beauty is unbearable.
> -----Original Message-----
> From: Dan Harkins [mailto:dharkins@network-alchemy.com]
> Sent: Wednesday, January 19, 2000 8:39 PM
> To: Andrew Krywaniuk
> Cc: ipsec@lists.tislabs.com
> Subject: Re: Phase 1 KB lifetime
>
>
> On Wed, 19 Jan 2000 19:52:28 EST you wrote
> >
> > But if you:
> >
> > 1. State that "It is _never_ a good idea to just enforce a lifetime without
> > telling the peer".
> > AND
> > 2. Agree that lifetime constraints are a component of policy.
> > AND
> > 3. Want to remove the definition of the kb lifetime magic number from IKE.
> >
> > ...then like it or not you ARE legislating policy.
>
> No I'm not. You can delete phase 1 SAs based on any arbitrary occurrence you
> like-- phases of the moon, closing stock price of NN, whatever. Note that
> none of these have magic numbers in IKE. The question was raised (not by me
> I might add) to move kilobyte lifetime for phase 1 to the pile of other
> arbitrary occurrences that don't really make sense and therefore do not have
> magic numbers assigned.
>
> I really would like to legislate the word "policy" (also known as the "p-word")
> out of discussions on the protocol though. My illustrated dictionary has a
> picture of a rat hole next to the definition of "policy".
>
> Dan.
>
>