
IKEv2 SA rekeying - naming an initial SA



I'm glad to see that there is some SA rekeying functionality in IKEv2
that is somewhat like the rekeying functionality in SSHv2, that is, that
a new SA can be established under the protection of and bound to a
previous (still live) SA.

Now, if only there was a concept similar to the SSHv2 session ID.  (Or
is it there and I just missed it?)

If there is no IKEv2 equivalent to the SSHv2 session ID, I would like to
have one defined.

We have a need for a way to name a [transport mode] SA and its rekeyed
replacements where the name is cryptographically bound to the initial SA
key exchange.

See:

http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-ccm-01.txt

(and please note that we already know that sections 5.1 and 5.2 of
draft-ietf-nfsv4-ccm-01.txt are wrong.)

Thanks,

Nico
--
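
The SSHv2 session ID that the message uses as its model, shown as an added example that is not part of the original message: per RFC 4253 the exchange hash H of the first key exchange becomes the session identifier, it is never replaced on rekey, and every later key is derived with it as input. The `Session` class, the constructed K/H values and the choice of SHA-256 are assumptions for illustration; no real Diffie-Hellman exchange is performed.

```python
import hashlib
import struct


def mpint(n: int) -> bytes:
    """SSH 'mpint' encoding of a non-negative integer (RFC 4251, section 5)."""
    if n == 0:
        return struct.pack(">I", 0)
    # A leading zero byte is required when the top bit would otherwise be set.
    length = (n.bit_length() + 8) // 8
    return struct.pack(">I", length) + n.to_bytes(length, "big")


def derive_key(K: int, H: bytes, letter: bytes, session_id: bytes) -> bytes:
    """RFC 4253 section 7.2: key = HASH(K || H || letter || session_id)."""
    return hashlib.sha256(mpint(K) + H + letter + session_id).digest()


class Session:
    """Hypothetical model of one SSH connection across several key exchanges."""

    def __init__(self) -> None:
        self.session_id = None  # fixed by the first key exchange only
        self.keys = {}

    def key_exchange(self, K: int, H: bytes) -> None:
        # The first exchange hash names the session; a rekey keeps that name.
        if self.session_id is None:
            self.session_id = H
        # Letters "A".."F" select the IVs, cipher keys and MAC keys.
        self.keys = {
            c: derive_key(K, H, c.encode(), self.session_id) for c in "ABCDEF"
        }


# Constructed sample values standing in for the shared secret K and exchange hash H.
K1, H1 = 0x1234ABCD, hashlib.sha256(b"constructed first exchange").digest()
K2, H2 = 0x9F00FF11, hashlib.sha256(b"constructed rekey exchange").digest()

if __name__ == "__main__":
    s = Session()
    s.key_exchange(K1, H1)
    first_key = s.keys["C"]
    s.key_exchange(K2, H2)  # rekey under the same session
    print("session id stable:", s.session_id == H1)
    print("keys rotated:     ", s.keys["C"] != first_key)
```
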