[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKE Rekeying

Title: IKE Rekeying
Yes, I still monitor the list.
 
I did plan to update the draft referred to by Stephane in an attempt to submit it as informational, but I won't be doing that. The major changes needed (that I recall) were
1) related to the section that suggested there was a weakness in the responder pre-setup mechanism (many felt that the weakness was not significant)
2) removal of references to non-RFC documents.
There were probably others; you could get hints to those by checking the archives.
 
In any case, anyone is free to resurrect it if they feel so inclined.
-----Original Message-----
From: Stephane Beaulieu [mailto:stephane@cisco.com]
Sent: Friday, May 18, 2001 4:19 PM
To: Jerome Freedman Jr; ipsec@lists.tislabs.com
Cc: Jay Xiong
Subject: Re: IKE Rekeying

There was a draft written by Tim Jenkins before he retired from IPsec ;)  ( I know you still monitor the lists though Tim :)
 
There was a lack of consensus in the typical IPsec fashion with 1 or 2 very loud voices against it (particularly his concept of Continuous Channel), and Tim gave up on it when he left TimeStep.  It has a lot of very good, very detailed analysis.  There was definitely more agreement with his phase 2 rekeying analysis than his phase 1 rekeying analysis, in case that's what you were looking for.
 
Some people comply with this expired draft, and some don't.  So don't assume interoperability if you implement it.  But it is definitely worth reading if you have rekeying decisions to make.
 
I'll send a copy to you in a private email.
 
Stephane.
----- Original Message -----
From: Jerome Freedman Jr
To: 'ipsec@lists.tislabs.com'
Cc: Jay Xiong
Sent: Friday, May 18, 2001 2:41 PM
Subject: IKE Rekeying


Hi,

   Has anyone done any work on IKE rekeying? Are there any drafts? Anybody want to write one?


Jerry Freedman,Jr