[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Child_SA key material
Currently the spec says use your order #2. Is your concern that the spec is
not clear or that this is not a good order to use?
--Charlie
"David Faucher" <dfaucher@lucent.com> wrote:
> Section 4.16 of draft-ietf-ipsec-ikev2-03.txt
> describes how key material is taken from KEYMAT
> for CHILD-SAs.
>
> If AH and ESP were negotiated would the key material
> be taken as
>
> | 1. AH_ir, AH_ri, ESP_ir(encr, auth), ESP_ri(encr, auth)
> |
> | or
> |
> | 2. AH_ir, ESP_ir(encr, auth), AH_ri, ESP_ri(encr, auth)
>
> where _ir = initiator to responder SA
> _ri = responder to initiator SA