[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SA Lifetimes

To: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: SA Lifetimes
From: "Lamm, Dennis S Mr (CPF N69DL)" <LammDS@cpf.navy.mil>
Date: Tue, 7 Mar 2000 09:23:02 -1000
Sender: owner-ipsec@lists.tislabs.com

I'm curious what type of SA lifetimes (Phase 2) the group typically
implements, experiences, and most importantly, recommends.  Some products
default to refreshing SAs every 12-24 hours.  To be clear, I'm most
concerned about refreshing the authentication and encryption keys.  I'm
aware that RFC 2401 only recommends that the SA lifetime be no greater than
the applicable certificate validity period.  

Any thoughts or insights would be much appreciated.

Dennis



***************************************
Dennis Lamm, CISSP
Network Security Architect (Wang Govt Services)
CINCPACFLT Information Assurance Office (N69) 
250 Makalapa Drive, Pearl Harbor, HI 96860-3131
EM:  lammds@cpf.navy.mil <mailto:lammds@cpf.navy.mil>
***************************************

Prev by Date: RE: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?
Next by Date: R: ipsec NICs? 3com?
Prev by thread: Re: Proposal for new DH Groups 6, 7, and 8
Next by thread: I-D ACTION:draft-ietf-ipsec-ike-hash-revised-01.txt
Index(es):
- Main
- Thread