[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Child_SA key material

To: "David Faucher" <dfaucher@lucent.com>
Subject: Re: Child_SA key material
From: Charlie_Kaufman@notesdev.ibm.com
Date: Fri, 29 Nov 2002 21:30:06 -0500
Cc: ipsec@lists.tislabs.com, owner-ipsec@lists.tislabs.com
In-Reply-To: <017001c294c9$63a46250$23f22b42@mv.lucent.com>
Sender: owner-ipsec@lists.tislabs.com





Currently the spec says use your order #2. Is your concern that the spec is
not clear or that this is not a good order to use?

      --Charlie

"David Faucher" <dfaucher@lucent.com> wrote:
> Section 4.16 of draft-ietf-ipsec-ikev2-03.txt
> describes how key material is taken from KEYMAT
> for CHILD-SAs.
>
> If AH and ESP were negotiated would the key material
> be taken as
>
> |     1. AH_ir, AH_ri, ESP_ir(encr, auth), ESP_ri(encr, auth)
> |
> |           or
> |
> |     2. AH_ir, ESP_ir(encr, auth), AH_ri, ESP_ri(encr, auth)
>
> where _ir = initiator to responder SA
>       _ri = responder to initiator SA

Follow-Ups:
- Re: Child_SA key material
  - From: "David Faucher" <dfaucher@lucent.com>

Prev by Date: Handling of IPcomp in IKEv2
Next by Date: Re: NAT Traversal in IKEv2
Prev by thread: Re: Handling of IPcomp in IKEv2
Next by thread: Re: Child_SA key material
Index(es):
- Date
- Thread