
A question about re-keying



Hi All,

I have two questions about Re-Keying of Phase2 IKE.

1. Can any peer initiate re-keying? Or is there any restriction saying that only the initiator of the first session can initiate subsequent phase2 re-keying?

2. If there is no such restriction, then I have some confusion about the Proxy IDs of phase2.

Consider the following scenario:

  Initial IKE is done between I1 and R1, where I1 is the initiator and R1 is the responder. For this session I1 sets the ProxyIDs IDci1 and IDcr1 for phase2, where IDci1 is the initiator's ProxyID and IDcr1 is the responder's.

  Now if R1 initiates the re-keying of phase2, then what should it send in the ProxyIDs and how?

     (a) Should it send the same Proxy IDs IDci1 and IDcr1? or
     (b) Should it swap those two and send IDcr1 as the initiator ProxyID (IDci2) and IDci1 as the responder ProxyID (IDcr2)?

  If it does (a), then isn't it confusing to interpret the ProxyIDs? Even though these ProxyIDs make sense for the first session, with respect to the second session (which is re-keying) the initiator is R1 and the initiator's ProxyID is IDci1, which is not right, because IDci1 is really I1's ProxyID.

Can anybody clarify this subject for me, or is there any draft which addresses these confusions?

Thanks in advance
Sashidhar Annaluru
avs@lucent.com
(908)-582-4105




