
Aggressive mode fallback to main mode




Questions to the group:

- Is it normal IKE behavior by vendors that don't support aggressive mode to
process the first message as a main mode message? Or MUST you respond to an
aggressive mode with an "INVALID-EXCHANGE-TYPE"? Can an implementation
initiate in aggressive mode and see if the response is main or aggressive
and process the rest of the exchange in that mode? (Of course, this limits
all transforms to having the same DH group, your aggressive mode must be
correct)

- If I initiate in aggressive mode and time out, can I assume that the other
machine does not support IKE?

Thanks, Ylian Saint-Hilaire
Intel (CAL) Communication Architecture Labs
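
The check the message asks about, classifying the responder's first reply by the exchange type in the ISAKMP header, sketched as an added example that is not part of the original message. The header layout and numeric values come from RFC 2408; the function names and sample datagrams are constructed, and the code takes no position on what a responder must send.

```python
import struct

# Field layout and numeric values are from RFC 2408 (ISAKMP), not from the message above.
HDR = struct.Struct("!8s8sBBBBII")  # cookies, next payload, version, exchange type, flags, msg id, length
EXCH_MAIN, EXCH_AGGRESSIVE, EXCH_INFO = 2, 4, 5  # Identity Protection, Aggressive, Informational
PAYLOAD_NOTIFY, INVALID_EXCHANGE_TYPE = 11, 7

def find_notify(msg, next_payload):
    """Walk the payload chain; return the first Notify Message Type, or None."""
    off = HDR.size
    while next_payload != 0 and off + 4 <= len(msg):
        following, _reserved, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > len(msg):
            return None  # bad generic payload header
        if next_payload == PAYLOAD_NOTIFY and plen >= 12:
            # generic header (4) + DOI (4) + protocol id (1) + SPI size (1) precede the type
            return struct.unpack_from("!H", msg, off + 10)[0]
        next_payload, off = following, off + plen
    return None

def classify_reply(datagram, initiator_cookie):
    """Classify the responder's answer to an aggressive-mode first message."""
    if datagram is None:
        return "timeout"  # silence alone does not say why the peer did not answer
    if len(datagram) < HDR.size:
        return "malformed"
    icookie, _rc, first, _ver, exch, flags, _mid, length = HDR.unpack_from(datagram)
    if icookie != initiator_cookie or not HDR.size <= length <= len(datagram):
        return "malformed"
    msg = datagram[:length]
    if exch == EXCH_AGGRESSIVE:
        return "aggressive"
    if exch == EXCH_MAIN:
        return "main"
    # Only an unencrypted Informational exchange (flag bit 0 clear) can be read here.
    if exch == EXCH_INFO and not flags & 0x01 and find_notify(msg, first) == INVALID_EXCHANGE_TYPE:
        return "invalid-exchange-type"
    return "other"

def build_sample(icookie, exch, notify_type=None):
    """Constructed reply for the demo: header, plus one Notification payload if asked."""
    body, first = b"", 0
    if notify_type is not None:
        body, first = struct.pack("!BBHIBBH", 0, 0, 12, 1, 1, 0, notify_type), PAYLOAD_NOTIFY
    return HDR.pack(icookie, b"R" * 8, first, 0x10, exch, 0, 0, HDR.size + len(body)) + body

if __name__ == "__main__":
    c = b"I" * 8  # constructed initiator cookie
    for r in (None, build_sample(c, EXCH_MAIN), build_sample(c, EXCH_INFO, INVALID_EXCHANGE_TYPE)):
        print(classify_reply(r, c))
```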

