RE: Lifetime & rekeying



Yes, the RFC doesn't talk about how to derive the soft lifetime
value, but section 4.4.3 talks about the guidelines, and
it is clear from the RFC that it is implementation specific.

A long time back there was a draft from Tim Jenkins about IPSec
re-keying issues. And if I remember, even that doesn't talk about
the specific values (to derive soft lifetime values).

-ramana

At 07:22 PM 2/20/02 -0800, Andrew Wenlang Zhu wrote:
>Rohit:
>
>I did not find a crystal clear statement in the existing RFC about when to
>re-negotiate a new SA for a dying one, though having the soft lifetime
>trigger a new negotiation is a good practice.
>
>I only recall that the Linux FreeSwan group came up with an implementation
>"Draft" including discussion of this issue.
>
>Andrew
>
>
> >-----Original Message-----
> >From: owner-ipsec@lists.tislabs.com
> >[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of arohit@miel.mot.com
> >Sent: Wednesday, February 20, 2002 2:58 PM
> >To: Shetty, Snehal S; 'ipsec@lists.tislabs.com'
> >Subject: Re: Lifetime & rekeying
> >
> >
> >Snehal,
> >        Soft lifetime expiry of an IPSEC SA will trigger the key manager to
> >renegotiate for the dying SA. The successful key exchange will result in
> >a new pair of keys for the new SA.
> >
> >-Rohit
> >At 12:46 PM 2/20/2002 -0700, Shetty, Snehal S wrote:
> >>
> >>
> >>I am trying to understand what happens after an IPSEC SA reaches its
> >>Lifetime. I know that another SA is established before the previous SA
> >>goes down, but is there a new key used on this SA if IKE is configured
> >>with pre-shared keys?
> >>
> >>
> >>Thanks
> >>
> >
> >
> >
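
The rekeying behaviour discussed in this thread, as an added example that is not part of any message above and not taken from any implementation: a minimal key manager in which soft lifetime expiry triggers renegotiation while the old SA stays usable until its hard lifetime, and each new SA gets keys from fresh nonces using the KEYMAT formula of RFC 2409 section 5.5 (no PFS). The 80% soft lifetime fraction, HMAC-SHA1 as the prf, and all class and function names are assumptions; the thread itself notes the soft value is implementation specific.

```python
import hashlib
import hmac
import os

SOFT_FRACTION = 0.8   # assumption: soft lifetime as a share of the hard lifetime
ESP = 3               # IPsec DOI protocol ID for ESP

def keymat(skeyid_d, spi, ni, nr):
    """KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b); prf assumed HMAC-SHA1."""
    return hmac.new(skeyid_d, bytes([ESP]) + spi + ni + nr, hashlib.sha1).digest()

class SA:
    def __init__(self, spi, key, created, hard_lifetime):
        self.spi, self.key = spi, key
        self.soft_expiry = created + SOFT_FRACTION * hard_lifetime
        self.hard_expiry = created + hard_lifetime
        self.rekey_started = False

class KeyManager:
    def __init__(self, skeyid_d, hard_lifetime):
        # SKEYID_d comes from phase 1 (pre-shared key, nonces, DH secret) and
        # stays fixed here; only the quick mode inputs change per SA.
        self.skeyid_d = skeyid_d
        self.hard_lifetime = hard_lifetime
        self.sas = []

    def negotiate(self, now):
        """Stand-in for a quick mode exchange: fresh SPI and nonces every time."""
        spi, ni, nr = os.urandom(4), os.urandom(16), os.urandom(16)
        sa = SA(spi, keymat(self.skeyid_d, spi, ni, nr), now, self.hard_lifetime)
        self.sas.append(sa)
        return sa

    def tick(self, now):
        """Apply lifetime rules at time `now`; return the events that fired."""
        events = []
        for sa in list(self.sas):
            if now >= sa.hard_expiry:
                self.sas.remove(sa)          # hard expiry: the SA is deleted
                events.append(("deleted", sa.spi))
            elif now >= sa.soft_expiry and not sa.rekey_started:
                sa.rekey_started = True      # soft expiry: renegotiate once,
                new_sa = self.negotiate(now) # the dying SA stays in use
                events.append(("rekeyed", new_sa.spi))
        return events
```
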