On Sep 13, 2005, at 21:24, KAMADA Ken'ichi wrote:
Do you assume that the SA lifetime is truncated to the ticket endtime?
For some reason I was thinking it was, but now I see nothing in the draft to support that.
Is the lifetime of an application session limited to the service ticket in usual Kerberized applications? I.e., if I (kerberized-)telnet to a remote host with a service ticket, what will happen when the ticket expires? Is the telnet session disconnected?
# I can't find anything on this in RFC 4120 or RFC 2942.
It depends on the application. Sometimes the session dies immediately, sometimes the session is kept open indefinitely.
Sorry, I should've checked more closely....
Then so long as the IKE phase 2 negotiations have the ability for the receiver to minimize the lifetime (which I think it does), then I don't really think there's much if anything that the spec needs to say about this.