[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Question about New Group mode
Hi, Dan,
I have a question regarding New Group mode.
Is it possible for ISAKMP responder to initiate New Group mode
after performing phase 1 negotiating? (Imagine two hosts, A and B;
if local policy on host A dictates that it must use private DH group
with host B, and host B initiated phase 1 not offering that group,
what should host A do: wait in hope that host be B will sometime
negotiate that group or try to do it by itself?).
Draft doesn't explicitly prohibit this, it only states that New Group
mode MUST only follow phase 1 (section 5.6).
Regards, Valery Smyslov.
Follow-Ups: