
Re: default life negotiation issue



Here's how I understand the paragraph in IPDOI you referred to:

If there's no lifetime indicated in the exchange, then both sides MUST assume
the default of 28800 seconds. If a lifesize is given, the default lifetime
applies ALSO, and whichever condition is hit first triggers the death of the
SA ;)

jan


On Tue, 20 Jun 2000, Will Fiveash wrote:

> Jan,
> 
> I read my note again and I realize that it is a little confusing (I ask the
> same question in two different ways).  Are you telling me that you assume
> that an SA may just use lifesize to determine its duration?  If the
> initiator only proposed a lifesize, the responder would NOT assume the
> lifetime default was implicitly proposed?  (These two questions should have
> the same answer.)
> 
> On Tue, Jun 20, 2000 at 04:16:57PM -0700, Jan Vilhuber wrote:
> > Hi Will!
> > 
> > Yes, I believe your assumption below is correct. At least that's how I've
> > always interpreted it.
> > 
> > jan
> > 
> > 
> > On Tue, 20 Jun 2000, Will Fiveash wrote:
> > 
> > > Can an SA be negotiated that only contains a lifesize (no lifetime in
> > > seconds)?  I ask this because I got a little confused by this paragraph in
> > > RFC2407 (DOI):
> > > 
> > >     If unspecified, the default value shall be assumed to be 28800 seconds
> > >     (8 hours).
> > > 
> > > If an initiator only proposes a lifesize attribute of KBytes, do I assume
> > > that they are also implicitly proposing the default lifetime value above? 
>     ^^^^^^^^^^^^^^^^^^^^ Somewhat confused question whose answer should be
> the opposite of the previous question.
> 
> -- 
> Will Fiveash
> IBM AIX System Development (IPsec/IKE)       
> 

 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847
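
The following Python example is added here and is not from the thread or from any IKE implementation. It parses the SA Life Type / SA Life Duration attributes of one transform and applies the reading given in the reply above: the 28800-second default is in force whenever no lifetime in seconds is proposed, and whichever limit is hit first ends the SA. Function names and the sample bytes are constructed for illustration; the attribute numbers are those of RFC 2407.

```python
import struct

# Attribute classes and life-type values from RFC 2407 section 4.5.
SA_LIFE_TYPE, SA_LIFE_DURATION = 1, 2
LIFE_SECONDS, LIFE_KILOBYTES = 1, 2
DEFAULT_LIFETIME_SECONDS = 28800  # the default quoted in the thread

# Constructed sample: a proposal carrying only a lifesize of 4608000 KB.
LIFESIZE_ONLY = bytes.fromhex("80010002" "00020004" "00465000")

def parse_attributes(data):
    """Yield (type, value) pairs from ISAKMP data attributes (TV or TLV form)."""
    off = 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        head, field = struct.unpack_from("!HH", data, off)
        off += 4
        if head & 0x8000:  # AF bit set: short form, the field is the value
            yield head & 0x7FFF, field
        else:  # AF bit clear: the field is the length of the value that follows
            if field == 0 or len(data) - off < field:
                raise ValueError("bad attribute length")
            yield head, int.from_bytes(data[off:off + field], "big")
            off += field

def effective_lifetimes(data):
    """Return the limits in force under the reading given in the reply above."""
    limits = {LIFE_SECONDS: None, LIFE_KILOBYTES: None}
    pending = None
    for attr_type, value in parse_attributes(data):
        if attr_type == SA_LIFE_TYPE:
            if value not in limits:
                raise ValueError("unknown SA Life Type")
            pending = value
        elif attr_type == SA_LIFE_DURATION:
            if pending is None:  # a duration must follow its life type
                raise ValueError("SA Life Duration without SA Life Type")
            limits[pending] = value
            pending = None
    seconds = limits[LIFE_SECONDS]
    if seconds is None:  # no lifetime in seconds proposed: assume the default
        seconds = DEFAULT_LIFETIME_SECONDS
    return {"seconds": seconds, "kilobytes": limits[LIFE_KILOBYTES]}

def sa_expired(limits, age_seconds, kilobytes_used):
    """Whichever limit is hit first ends the SA."""
    kb = limits["kilobytes"]
    return age_seconds >= limits["seconds"] or (kb is not None and kilobytes_used >= kb)
```
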


