[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Multiple transforms in New Group mode

To: "Valery Smyslov" <svan@trustworks.com>
Subject: Multiple transforms in New Group mode
From: Tero Kivinen <kivinen@ssh.fi>
Date: Thu, 3 Feb 2000 16:45:52 +0200 (EET)
Cc: ipsec@lists.tislabs.com
In-Reply-To: <200002031052.NAA15642@relay1.trustworks.com>
Organization: SSH Communications Security Oy
References: <200002031052.NAA15642@relay1.trustworks.com>
Sender: owner-ipsec@lists.tislabs.com

Valery Smyslov writes:
> I have a question regarding New Group mode. Is it possible to put 
> multiple transforms proposing different groups into one SA in New 
> Group mode?

Yes. 

> IKE says nothing about this, so it is not explicitly 
> prohibited. However, if it is allowed, what semantics does it have 
> for responder? Should responder select only one group (usual SA 
> semantics) or is he/she allowed to select multiple of them, or must 
> he/she always accept/reject all the proposals?

He must select only one group. 

> How other vendors handle this situation?

At least that is what we do in that situation. 
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

References:

Multiple transforms in New Group mode

From: "Valery Smyslov" <svan@trustworks.com>

Prev by Date: Multiple transforms in New Group mode
Next by Date: Denial of Service Testing Results
Prev by thread: Multiple transforms in New Group mode
Next by thread: Denial of Service Testing Results
Index(es):
- Main
- Thread