[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SA Attribute Negotiation

To: "'Greg Carter'" <carterg@xxxxxxxxxxx>, "'Daniel Harkins'" <dharkins@xxxxxxxxx>
Subject: RE: SA Attribute Negotiation
From: Roy Pereira <rpereira@xxxxxxxxxxxx>
Date: Thu, 12 Dec 1996 19:48:11 -0500
Cc: "'ipsec@xxxxxxx'" <ipsec@xxxxxxx>, "'isakmp-oakley@xxxxxxxxx'" <isakmp-oakley@xxxxxxxxx>
Sender: owner-ipsec@xxxxxxxxxx

>> I am a little unclear as to how to negotiate variable length SA
>> attributes, such as any of the Duration attributes.
>> 
>> Are these variable length attributes non negotiable?  Simply stated by
>> the initiator and accepted by the responder?
>> 
>> If not how are we supposed to handle differences in values?  It would
>> seem impractical to reject a proposal because the requested Key Duration
>> was not exactly that expected.  Is it local policy as to what to do
>> (i.e. accept shorter durations, but reject longer)?

I would like to see a standard length for some of the attributes, like
key durations.  If we decide upon a 32 bit integer to represent these
and other values, then all implementations would be able to handle these
attributes correctly.

But if one implementation sends out a key duration of 1^199 seconds and
codes it as a 128 bit integer, a lot of implementations will not be able
to utilize it and thus it will not accept that proposal.  We need to
define standard variable attribute that has a lenth of 32 bits.  This
would be used by attributes that need integers as values, but that can't
or dont wish to represent them as 16-bits with a basic attribute.

Prev by Date: Status of SKIP/ISAKMP/Oakley
Next by Date: Another SA Attribute Question
Previous by thread: Re: SA Attribute Negotiation
Next by thread: RE: SA Attribute Negotiation
Index(es):
- Date
- Thread