
interoperability issue with 'lifekbytes'



Hi,

 Sorry, my previous message format was bad. I'm resending it with proper
formatting.

 We are frequently encountering interoperability problems
  with 'lifekbytes' configuration. Different vendors accept/implement
  it in different ways. Having a consistent method mentioned in the
  standards will help eliminate/reduce the misinterpretation.
  Any feedback from the WG on the following interoperability issue
  is appreciated.
 
   Security Gateway1--------------------Security Gateway2
 
  The admin at SG1 configured the IPSEC security policy
  indicating that 'lifekbytes' is not expected.
  SG2 sends a QM SA payload with a lifekbytes attribute with some
  value. Should SG1 accept the SA payload or should it deny
  the SA payload?
 
  We feel that, since the local admin made a choice that lifekbytes
  is not required/expected, it should deny the SA negotiation.
  What is the right thing to do? Also, we feel that having
  consistent configuration on both ends will eliminate the
  confusion.
 
  Related question:
  What happens when SG1 starts the quick mode?
  Should SG2 deny the negotiation as it expected the lifekbytes
  attribute, but there is no 'lifekbytes' attribute coming from SG1?
 
  We feel that, for both cases to work, it is better to have the
  same configuration on both ends so that it works consistently
  and gives a choice to the administrators.
 
Thanks in advance,
Arun
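
The strict check the message above asks about, as an added example that is not part of the original post or of any vendor's code: it decodes the SA Life Type / SA Life Duration attributes of a Quick Mode transform (class and value numbers from RFC 2407, attribute encoding from RFC 2408) and compares the peer's offer with the local lifekbytes setting. The function names and the sample bytes are constructed for illustration.

```python
import struct

# IPsec DOI (RFC 2407) SA attribute classes and life-type values
SA_LIFE_TYPE, SA_LIFE_DURATION = 1, 2
LIFE_SECONDS, LIFE_KILOBYTES = 1, 2

def parse_attributes(buf):
    """Decode ISAKMP data attributes (RFC 2408 sec. 3.3) into (type, int) pairs."""
    attrs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated attribute header")
        head, field = struct.unpack_from("!HH", buf, off)
        off += 4
        if head & 0x8000:                      # AF=1: short TV form, field is the value
            attrs.append((head & 0x7FFF, field))
        else:                                  # AF=0: TLV form, field is the length
            if len(buf) - off < field:
                raise ValueError("truncated attribute value")
            attrs.append((head & 0x7FFF, int.from_bytes(buf[off:off + field], "big")))
            off += field
    return attrs

def lifetimes(attrs):
    """Pair each SA Life Type with the SA Life Duration that follows it."""
    out, pending = {}, None
    for atype, value in attrs:
        if atype == SA_LIFE_TYPE:
            pending = value
        elif atype == SA_LIFE_DURATION:
            if pending is None:
                raise ValueError("life duration without preceding life type")
            out[pending] = value
            pending = None
    return out

def check_lifekbytes(attrs, local_expects_kbytes):
    """Strict reading discussed in the message (an assumption, not a rule from the RFCs)."""
    offered = LIFE_KILOBYTES in lifetimes(attrs)
    if offered and not local_expects_kbytes:
        return "reject: peer offered lifekbytes, local policy has none"
    if not offered and local_expects_kbytes:
        return "reject: local policy expects lifekbytes, peer offered none"
    return "accept"

# Constructed sample: seconds / 28800 (TV form), then kilobytes / 4608000 (TLV form)
SAMPLE = bytes.fromhex("80010001" "80027080" "80010002" "00020004" "00465000")
```

With SAMPLE as SG2's offer, check_lifekbytes(parse_attributes(SAMPLE), False) is the first case in the message; passing only the first eight bytes with True is the related question.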