[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CREATE_CHILD_SA exchange in IKEv2-05

To: ipsec@lists.tislabs.com
Subject: CREATE_CHILD_SA exchange in IKEv2-05
From: Dan Harkins <dharkins@trpz.com>
Date: Fri, 28 Feb 2003 09:12:53 -0800
Sender: owner-ipsec@lists.tislabs.com

  Towards the end of section 1.3 it says, "Traffic selectors are 
omitted if this CREATE_CHILD_SA request is being used to change the
key of the IKE-SA." What about the suite? Doesn't that determine
whether the request is being used to change the key of the IKE SA?
What would happend if the SA specified an ESP suite but there were
no Traffic Selectors? Also, can the suite change from one IKE SA 
to the next?

  Suggested verbage: "When the CREATE_CHILD_SA request is used to
rekey the IKE SA Traffic Selectors MUST be omitted and the suite
used to negotiate the IKE SA MUST be the same as that from the
IKE_SA_INIT exchange that created the SA being rekeyed."

  thanks,

    Dan.

Prev by Date: RE: Another NAT Traversal question
Next by Date: "Me Tarzan, You Jane" in IKEv2-05
Prev by thread: Re: I-D ACTION:draft-ietf-ipsec-ikev2-tutorial-00.txt
Next by thread: "Me Tarzan, You Jane" in IKEv2-05
Index(es):
- Date
- Thread