[Ipsec] Reauthentication in IKEv2

[Jyothi <vjyothi at intotoinc.com>]

> Hi,
>
> I have doubt here.
>
> Even if IKE wants to re-authenticate, it does not know about IPSEC 
> information.
>
> In AUTH exchange, negotiating IPSEC information is MUST (SAi2, SAr2  and 
> Traffic selector payloads).
>
> Again if we want to do IKE exchange for re-authentication only, Why does 
> it requires to send IPSEC information??
>
> I think we may need have one more notify type (REAUTHENTICATION) in AUTH 
> exchange.
>
> If that notify type is received then it ignores the CHILD SA information.
>
>
> Thanks
> Jyothi
>
>
>
> At 08:58 PM 11/10/04 -0500, you wrote:
> > On Wed, 2004-11-10 at 20:27, Geoffrey Huang wrote:
> >
> > > I can see arguments from both sides, I guess.  Even with your re-auth
> > > scheme, a value of "0" seconds could mean "do it now," right?
> >
> > I'd think so; I'd also hope that the encoding should also allow for
> > "reauth in 8 hours" notifications as well.
> >
> > As was pointed out in the secsh working group yesterday for a related
> > user-authentication timeout, there are also accessibility concerns here;
> > some people enter text *very* slowly; 3 minutes may not be sufficient
> > for some.
> >
> >                                                 - Bill
> >
> >
> >
> >
> > _______________________________________________
> > Ipsec mailing list
> > Ipsec at ietf.org
> > https://www1.ietf.org/mailman/listinfo/ipsec


_______________________________________________
Ipsec mailing list
Ipsec at ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec