Re: draft-ietf-ipsec-ikev2-04.txt
>>>>> "Ari" == Ari Huttunen <Ari.Huttunen@xxxxxxxxxxxx> writes:
Ari> Also, IMHO, INTERNAL_ADDRESS_EXPIRY attribute should not exist. It's
Ari> a way to negotiate connection lifetime. It would be more in the spirit
Ari> of IKEv2 if the GW would enforce this by forcing a connection re-key
Ari> and would CFG_SET a new IP address if it needs to change (both in the
Ari> same message pair).
Strongly agree. Get rid of lifetime info. Just rekey when you feel you should.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [