| Re: Re: issue 361: child key expiry | <– Date –> <– Thread –> |
From: Jari Arkko (jari.arkko piuha.net)
|
|
| Date: Mon, 8 May 2006 08:57:16 -0700 (PDT) | |
Re: caching of MSKs by IKEv2. I agree with Bernard that this seems to go beyond what current RFCs say, and I also suspect that there are issues that we'd like to understand before such usage could be allowed. For instance, if my AAA server gives you an MSK to use for IKEv2 login, letting you use that key multiple times would create interesting interactions with concurrent session tracking. Re: EMSK lifetime spec. I don't see a fundamental problem in specifying some general characteristics of the entire key hierarchy in the keying framework doc, even if we should develop some specific parts of the hierarchy in some other documents. Personally, the current lifetime text is appealing mainly because its so simple -- all derived keys should expire latest when the exported material expires. This is also good for cache management. --Jari
- RE: Re: issue 361: child key expiry, (continued)
- Message not available
- RE: Re: issue 361: child key expiry Lakshminath Dondeti, May 3 2006
- Message not available
- RE: Re: issue 361: child key expiry Lakshminath Dondeti, May 4 2006
- Re: Re: issue 361: child key expiry Jari Arkko, May 8 2006
- Re: Re: issue 361: child key expiry Lakshminath Dondeti, May 8 2006
- Re: Re: issue 361: child key expiry Jari Arkko, May 8 2006
Results generated by Tiger Technologies using MHonArc.