Re: [Ipsec] Re: IKEv2 AUTH payload
- To: Bill Sommerfeld <sommerfeld@east.sun.com>
- Subject: Re: [Ipsec] Re: IKEv2 AUTH payload
- From: Nicolas Williams <Nicolas.Williams@sun.com>
- Date: Fri, 16 Apr 2004 17:14:42 -0500
- Cc: Geoffrey Huang <ghuang@cisco.com>, Yoav Nir <ynir@checkpoint.com>, Pasi.Eronen@nokia.com, ipsec@ietf.org
- In-reply-to: <200404162151.i3GLpvQU012761@thunk.east.sun.com>
- References: <40801AE8.7030207@cisco.com> <200404162151.i3GLpvQU012761@thunk.east.sun.com>

On Fri, Apr 16, 2004 at 05:51:57PM -0400, Bill Sommerfeld wrote:
> > I'm not too familiar with the various user authentication methods,
> > but do any of these methods support the notion of an authentication
> > lifetime?
>
> Yes. (Kerberos is a notable example).

And plain old PKI too, since certificates have expiration dates.
Suppose you're using something like kx509 to get short-lived certs
issued after authenticating with Kerberos V... presumably you'd want
sessions authenticated with such certs to expire when the certs do.

Nico