[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Question about New Group mode



Hi, Dan,

I have a question regarding New Group mode.

Is it possible for ISAKMP responder to initiate New Group mode 
after performing phase 1 negotiating? (Imagine two hosts, A and B; 
if local policy on host A dictates that it must use private DH group 
with host B, and host B initiated phase 1 not offering that group, 
what should host A do: wait in hope that host be B will sometime 
negotiate that group or try to do it by itself?).

Draft doesn't explicitly prohibit this, it only states that New Group 
mode MUST only follow phase 1 (section 5.6).

Regards, Valery Smyslov.


Follow-Ups: