tech-net archive


Re: why is SA lifetime kilobyte limit disabled in racoon?



On Thu, May 19, 2011 at 07:22:37PM -0400, Greg Troxel wrote:
> 
> Matthias Drochner <M.Drochner%fz-juelich.de@localhost> writes:
> 
> >> But the key
> >> question is what the other implementations do, and what the standard says.
> >
> > I've just tried OpenBSD's isakmpd (the oldish version in pkgsrc).
> > It initiates a Phase 2 exchange if the soft timeout on its
> > side expires, even if it was responder initially. (It randomizes
> > the soft timeouts to minimize the chance that both sides start
> > the exchange simultaneously.)
> > RFC2409 says that both sides can initiate rekeying. "Can" --
> > this is not much of a guideline for implementors.
> 
> True, but it seems the original responder initiating a renegotiation is
> the only reasonable behavior.

At the very least, it would appear to suggest that if the original
initiator rejects an attempt on the part of the original responder to
rekey, that's a bug.

Which is sufficient, no?

Thor

