RE: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.txt
"Mason, David" <David_Mason@nai.com> Fri, 27 July 2001 17:05 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f6RH5xs26355; Fri, 27 Jul 2001 10:05:59 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id MAA13799 Fri, 27 Jul 2001 12:17:04 -0400 (EDT)
Message-ID: <8894CA1F87A5D411BD24009027EE7838128218@ROC-76-204.nai.com>
From: "Mason, David" <David_Mason@nai.com>
To: 'Scott Fanning' <sfanning@cisco.com>, Michael Thomas <mat@cisco.com>
Cc: ipsec@lists.tislabs.com
Subject: RE: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.txt
Date: Fri, 27 Jul 2001 09:21:51 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
> One of my motivations of this draft was to "gently" push for a son-of-ike. I > would love to see the ACK'd notify messages in Son-of-ike or maybe > recognition that this is a stateful protocol that either requires connection > based transport, or better defined robustness in the draft. I still think > that, until that day comes, this is still a useful proposal. Maybe this > could be in the son-of-ike as well. Hopefully son-of-ike will incorporate draft-ietf-ipsec-ike-hash-revised-02.txt in which case phase 1 responder lifetimes can be protected within the phase 1 exchange. Although this info would then be exposed in Aggressive Mode (or the AM replacement if there is one in son-of-ike), it will at least be protected from modification under the revised hash. I have seen many implementations that already send IKE responder lifetimes. In RFC2407 when it mentioned using the cookies for the SPI that's what I thought it was referring to (IKE not IPsec responder-lifetime). In the spirit of be strict in what you send and forgiving in what you'll accept it should be noted that the receiver of IKE responder lifetimes SHOULD accept a Notify DOI field of IPSEC (1) as well as IKE (0). -dave
- I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.txt Internet-Drafts
- I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.txt Michael Thomas
- Re: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.t… Scott Fanning
- Re: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.t… Michael Thomas
- Re: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.t… Scott Fanning
- RE: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.t… Mason, David
- Re: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.t… Scott Fanning
- RE: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.t… Geoffrey Huang