
Re: IKEV2: Issue #2: Cipher suites







Tero Kivinen <kivinen@iki.fi> writes:
> This would remove problems and errors where someone includes suite for
> ESP in the phase 1 or IKE suite for child_sa. The parsing of SA
> payload can be identical but the meaning of the values in the payloads
> should depend on if it is phase 1 or 2 SA negotiation payload.

While negotiating ESP in phase 1 would be illegal, IKE can be negotiated in
a child_sa exchange, and is used to roll over keys. So the SA payload needs
an indicator somewhere of whether the proposed SA type is IKE or not. (If not
implicitly in the suite ID, then in a separate field).

          --Charlie

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).