IKEv2 SA rekeying - naming an initial SA

I'm glad to see that there is some SA rekeying functionality in IKEv2
that is somewhat like the rekeying functionality in SSHv2, that is, that
a new SA can be established under the protection of and bound to a
previous (still live) SA.

Now, if only there was a concept similar to the SSHv2 session ID. (Or
is it there and I just missed it?)

If there is no IKEv2 equivalent to the SSHv2 session ID, I would like to
have one defined.

We have a need for a way to name a [transport mode] SA and its rekeyed
replacements where the name is cryptographically bound to the initial SA
key exchange.

See:

http://www.ietf.org/internet-drafts/draft-ietf-nfsv4-ccm-01.txt

(and please note that we already know that sections 5.1 and 5.2 of
draft-ietf-nfsv4-ccm-01.txt are wrong.)

Thanks,

Nico
--
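
Added example, not part of the original message and not code from IKEv2 or any SSH implementation: a simplified Python model of the SSHv2 session ID behaviour the message refers to, where the exchange hash of the first key exchange names the session, stays fixed across rekeys, and is mixed into every later key derivation. The `Session` class, the transcript fields and the byte encoding are assumptions made for illustration; real SSH hashes a larger transcript and encodes the shared secret as an mpint.

```python
import hashlib
import os


def exchange_hash(*fields: bytes) -> bytes:
    """Hash a key-exchange transcript. Each field is length-prefixed so that
    field boundaries are unambiguous (simplified stand-in for SSH encoding)."""
    h = hashlib.sha256()
    for field in fields:
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


def derive_key(k: bytes, h: bytes, letter: bytes, session_id: bytes) -> bytes:
    """SSHv2-style derivation: HASH(K || H || letter || session_id)."""
    return hashlib.sha256(k + h + letter + session_id).digest()


class Session:
    """Hypothetical SA whose name is fixed by its first key exchange."""

    def __init__(self, client_nonce: bytes, server_nonce: bytes, secret: bytes):
        h = exchange_hash(client_nonce, server_nonce, secret)
        self.session_id = h  # the name: exchange hash of the FIRST exchange
        self._install(secret, h)

    def _install(self, k: bytes, h: bytes) -> None:
        # The name is an input to every key, so keys from a rekey are bound to it.
        self.key_c2s = derive_key(k, h, b"C", self.session_id)
        self.key_s2c = derive_key(k, h, b"D", self.session_id)

    def rekey(self, client_nonce: bytes, server_nonce: bytes, secret: bytes) -> None:
        # Fresh exchange hash and traffic keys; session_id is left untouched.
        self._install(secret, exchange_hash(client_nonce, server_nonce, secret))


def demo():
    """Constructed inputs: random nonces and secrets stand in for a real exchange."""
    s = Session(os.urandom(16), os.urandom(16), os.urandom(32))
    name, old_key = s.session_id, s.key_c2s
    s.rekey(os.urandom(16), os.urandom(16), os.urandom(32))
    other = Session(os.urandom(16), os.urandom(16), os.urandom(32))
    return (s.session_id == name, s.key_c2s != old_key, other.session_id != name)


if __name__ == "__main__":
    print(demo())
```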