Re: Proposed Resolution to issue 318: IKEv2
From: Jari Arkko (jari.arkkopiuha.net)
Date: Wed, 11 Jan 2006 09:52:20 -0800 (PST)


The above paragraph is referring only to the Key-Lifetime parameter exported by EAP methods, not to the Session-Timeout attribute. With VPN, Session-Timeout is used to limit the VPN session time. However, the point is that in this case Session-Timeout does not represent the MSK lifetime, which is zero (e.g. MSK is not cached).

Yes. OK.


Potential rewrite:

the EAP method that is used. IKEv2 does not cache EAP keying
material or parameters. As a result,
once IKEv2 authentication completes it is assumed that
EAP keying material and parameters are discarded.
The Session-Timeout attribute is therefore interpretted as a
limit on the VPN session time, rather than an indication of the
MSK key lifetime.

Works for me. s/etted/eted/, I think.


--Jari

