ipsec September 2010 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: [IPsec] draft-welter-ipsecme-ikev2-reauth-00

[IPsec] draft-welter-ipsecme-ikev2-reauth-00

From: Keith Welter <welterk_at_nospam>
Date: Tue Sep 28 2010 - 20:03:21 GMT
To: ipsec@ietf.org

A new version of I-D, draft-welter-ipsecme-ikev2-reauth-00.txt has been
successfully submitted by Keith Welter and posted to the IETF repository.

Filename: draft-welter-ipsecme-ikev2-reauth
Revision: 00
Title: Reauthentication Extension for IKEv2
Creation_date: 2010-09-28
WG ID: Independent Submission
Number_of_pages: 10

This document extends the Internet Key Exchange (IKEv2) Protocol
document [IKEv2]. IKEv2 reauthentication does not scale well when an
IKE SA has multiple Child SAs because each Child SA of the IKE SA to
be reauthenticated must be renegotiated. In addition,
reauthentication is susceptible to the same kinds of exchange
collisions as those that may occur during rekeying. This document
describes a mechanism to detect reauthentication and avoid
renegotiating the Child SAs. In addition, this document describes
proper handling of exchange collisions that may occur during

The IETF Secretariat.

IPsec mailing list