
Re: IKEv2 SA rekeying - naming an initial SA
On Tue, Aug 19, 2003 at 09:02:20PM -0400, Charlie_Kaufman@notesdev.ibm.com wrote:
> I believe this functionality was added as a side effect of addressing
> Issue #64 (though it's a little different and might not address all
> imaginable cases). When an SA is rekeyed, the SPI of the old SA is
> now specified, so there is no ambiguity. The binding between the old
> SA and the new is not cryptographic, but in every case I could think of
> the assertion of the SPI by the trusted IKE association defeats the
> same attacks.

My understanding of the text in -9/-10 is that "rekeys" occur under the
protection of the SA being rekeyed.  That suffices, from my p.o.v., to
bind the new SA to the old SA, and all that's missing is a session ID
cryptographically bound to the initial IKE_SA KE.

It's more than possible that I misunderstood the text on rekeying in
draft-ietf-ipsec-ikev2-10 - if so I hope it's not too late to fix the
rekeying functionality (and in any case I hope it's not too late to add
the session ID I also need).

Cheers,

Nico