rfc.4478 - Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
This document extends the Internet Key Exchange (IKEv2) Protocol
document [IKEv2]. With some IPsec peers, particularly in the remote
access scenario, it is desirable to repeat the mutual authentication
periodically. The purpose of this is to limit the time that security
associations (SAs) can be used by a third party who has gained
control of the IPsec peer. This document describes a mechanism to
perform this function.