Tero Kivinen <[email protected]> wrote:
> This all is done in the server, i.e. instead of using the ID sent over
> the wire, the server uses the ID sent over wire as handle to the
> table, and fetches the real ID to be used for policy decisions and
> authentication from that table.
> Then pseudonym update protocol is run later, after we have done IKEv2
> SA rekey to gain QR for IKEv2 SA too, and that would say update the
> ID_KEY_ID from \x1c747c060d209a223d1f9f51b0351b54 to
> \x7ca765c1972372cecf78184d1a628d05, and next time client comes in he
> does not use the ID_KEYID of \x1c747c060d209a223d1f9f51b0351b54, but
> he uses the new ID_KEY_ID \x7ca765c1972372cecf78184d1a628d05 instead.
I can buy this.
It seems independently useful to me.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
