[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Ipsec] Fwd: I-D ACTION:draft-nir-ikev2-auth-lt-02.txt
Bora Akyol \(bora\) writes:
> This is all nice and sound in theory, but in practice we know that the
> encrypting gateways rarely talk to the end application and neither does
> the vpn software running on the end host.
The whole world is not a VPNs. There is end to end IPsec things.
> So I suggest the KISS principle as being appropriate here.
I agree, and the easiest is not to have any timers or so, simply a
notify from server saying "Reauthenticate now". That way
implementations can implement any logic they want to, even the time
Ipsec mailing list