[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lifetimes

To: "Christian Franzen" <CFranzen@gmx.de>
Subject: Re: lifetimes
From: Dan Harkins <dharkins@cips.nokia.com>
Date: Thu, 01 Feb 2001 17:09:07 -0800
cc: ipsec@lists.tislabs.com
In-reply-to: Your message of "Fri, 02 Feb 2001 01:34:02 +0100." <NEBBIOLCMLIFOCCBMPBHKEKFCBAA.CFranzen@gmx.de>
Sender: owner-ipsec@lists.tislabs.com

  Hi Christian,

  The lifetime used really depends on what the users of your routers
want. You should allow for both seconds and KB to be specified. Most 
people I know feel that when the two protocols are negotiated together 
to protect one type of traffic that they should be deleted/rekeyed as
a pair. So if the lifetime counter for one gets hit before the
lifetime counter for another they are both rekeyed. Doing so would
make your boxes more interoperable with existing implementations.

  What company do you work for?

  regards,

  Dan.

On Fri, 02 Feb 2001 01:34:02 +0100 you wrote
> Hi,
> 
> while implementing IPSec on our Routers, I got into trouble. It would be
> great if you could help me:
> 
> Which lifetime is typically used, when defining a combination of IPSec
> protocols, e.g. ESP+AH, with different lifetimes for each protocol?
> One for all, each seperately or...?
> What are todays' implementations doing?
> 
> Thanks a lot for your help
> Christian
> 
> CFranzen@elsa.de
>

References:

lifetimes

From: "Christian Franzen" <CFranzen@gmx.de>

Prev by Date: lifetimes
Next by Date: Re: ipsec error protocol
Prev by thread: lifetimes
Next by thread: Re: Increased sequence number in ESP/AH
Index(es):
- Main
- Thread