[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ticket and SA lifetime (Re: kink-09)




Ken Raeburn wrote:

On Sep 13, 2005, at 21:24, KAMADA Ken'ichi wrote:


Do you assume that the SA lifetime is truncated to the ticket endtime?


For some reason I was thinking it was, but now I see nothing in the draft to support that.

Is the lifetime of application session limited to the service ticket
in usual Kerberized applications?
I.e., if I (kerberized-)telnet to a remote host with a service ticket,
what will happen when the ticket expires?  Is the telnet session
disconnected?
# I can't find something on this in RFC 4120 or RFC 2942.


It depends on the application. Sometimes the session dies immediately, sometimes the session is kept open indefinitely.

Sorry, I should've checked more closely....

Then so long as the IKE phase 2 negotiations have the ability for the receiver to minimize the lifetime (which I think it does), then I don't really think there's much if anything that the spec needs to say about this.

Mike