It is my belief/memory that IKEv2 implementations should NOT limit SA (PARENT or CHILD) lifetimes based upon certificate lifetime or CRL lifetime.
Neither rfc4945 (pki4ipsec) nor rfc7296 seems to confirm or deny this. Yet, I'm sure that this was consensus at some point. Maybe I've mis-remembered? What document did I miss? -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
