[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Ipsec] Fwd: I-D ACTION:draft-nir-ikev2-auth-lt-02.txt



Bora Akyol \(bora\) writes:
> This is all nice and sound in theory, but in practice we know that the
> encrypting gateways rarely talk to the end application and neither does
> the vpn software running on the end host.

The whole world is not a VPNs. There is end to end IPsec things. 

> So I suggest the KISS principle as being appropriate here.

I agree, and the easiest is not to have any timers or so, simply a
notify from server saying "Reauthenticate now". That way
implementations can implement any logic they want to, even the time
based one...
-- 
kivinen@xxxxxxxxxxxxxxx

_______________________________________________
Ipsec mailing list
Ipsec@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ipsec