[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SOI QUESTIONS: 2.1 Identity protection questions?

To: "'Ari Huttunen'" <Ari.Huttunen@f-secure.com>
Subject: RE: SOI QUESTIONS: 2.1 Identity protection questions?
From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>
Date: 20 Jun 2002 10:36:05 -0400
Cc: "'IP Security List'" <ipsec@lists.tislabs.com>
Importance: Normal
In-Reply-To: <3D11C350.E3532D23@F-Secure.com>
Reply-To: andrew.krywaniuk@alcatel.com
Sender: owner-ipsec@lists.tislabs.com

> > 2.1.D.)  Does SOI need to provide protection against active
> > attacks for the responder?
> NO
>
> Note that this has implications for re-keying: the responder may
> not be able to initiate re-keying if that implies re-authenticating.
> I know some gateway vendors for some reason wish to do that.

Without a responder lifetime notify or some kind of negotiated lifetimes,
you can't control who rekeys first.

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.

Follow-Ups:
- Re: SOI QUESTIONS: 2.1 Identity protection questions?
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

References:
- Re: SOI QUESTIONS: 2.1 Identity protection questions?
  - From: Ari Huttunen <Ari.Huttunen@f-secure.com>

Prev by Date: Re: SOI QUESTIONS: 2.3 Authentication styles
Next by Date: Re: SOI QUESTIONS: 2.1 Identity protection questions?
Prev by thread: Re: SOI QUESTIONS: 2.1 Identity protection questions?
Next by thread: Re: SOI QUESTIONS: 2.1 Identity protection questions?
Index(es):
- Date
- Thread