On Oct 30, 2013, at 12:32 PM, Valery Smyslov <sva...@gmail.com> wrote:

>>> I think, that it could be solved, if we define new notification,
>>> that could be optionally sent from gateway to client, informing him
>>> that gateway is going to delete IKE SA in some time
>>> interval (indicating that interval in the notification).
>>> If cafr is supported by client and he is willing to use it,
>>> client will start re-authentication before the end of
>>> the interval. If not - gateway will just delete IKE SA
>>> after the interval has ended.
>> 
>> Good idea!  :-)
>> 
>> http://tools.ietf.org/html/rfc4478
> 
> Sorry, I completely forgot about this RFC.
> Happened funny :-)
> 
>> Think I should mention that in the draft?
> 
> I think yes. 
> BTW, it is only experimental, while your draft's intended status is standards 
> track.

At one time I asked Pasi (the security AD at the time) about updating it to PS 
(there were 3-4 interoperating implementations at the time), and he said that 
it wasn't worth the trouble because even full standards could reference it - 
downrefs are allowed.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
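
The notification proposed in the quoted text corresponds to the AUTH_LIFETIME notify of RFC 4478. The following Python is an added example, not part of the thread or of any implementation mentioned in it: it parses one such Notify payload on the client side and computes when to begin re-authentication. The function names, the sample payload and the 300-second lead time are assumptions made for illustration.

```python
import struct

AUTH_LIFETIME = 16403  # Notify Message Type assigned by RFC 4478


def parse_auth_lifetime(payload: bytes) -> int:
    """Return the lifetime in seconds carried by one IKEv2 Notify payload.

    Raises ValueError if the payload is malformed or is a different notify,
    so a bad length field can never push the read outside the buffer.
    """
    if len(payload) < 8:
        raise ValueError("truncated Notify payload")
    # Generic payload header (next payload, flags, length) followed by the
    # Notify fields (protocol ID, SPI size, notify message type).
    _next, _flags, length, _proto, spi_size, ntype = struct.unpack_from(
        "!BBHBBH", payload)
    if length != len(payload):
        raise ValueError("payload length field does not match buffer")
    if ntype != AUTH_LIFETIME:
        raise ValueError(f"not an AUTH_LIFETIME notify (type {ntype})")
    # RFC 4478 sends this notify without an SPI and with a 4-octet lifetime.
    if spi_size != 0 or length != 12:
        raise ValueError("unexpected SPI or notification data size")
    return struct.unpack_from("!I", payload, 8)[0]


def reauth_start(received_at: float, lifetime: int, lead: int = 300) -> float:
    """Time at which the client should begin re-authentication.

    'lead' is a local policy value (assumed here): how long before the
    gateway's deadline the client starts, to leave room for the exchange.
    If the lifetime is shorter than the lead, start immediately.
    """
    return received_at + max(lifetime - lead, 0)


# Constructed sample: Notify payload, type 16403, lifetime 3600 seconds.
SAMPLE = bytes.fromhex("0000000c" "0000" "4013" "00000e10")

if __name__ == "__main__":
    secs = parse_auth_lifetime(SAMPLE)
    print("gateway deletes the IKE SA in", secs, "s;",
          "start re-authentication at t =", reauth_start(0.0, secs))
```

A client that does not support re-authentication can ignore the notify; as the quoted proposal says, the gateway then deletes the IKE SA when the interval ends.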