[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] Number of Proposals in IKE_SA_INIT exchange for IKE_SA andfirst CHILD_SA ??



You need at least one proposal in an SA payload in message #1, and at 
least one proposal in an SA payload in message #3.

If you do not include an SA payload in message #3, that says that you 
don't want to create a child-SA.

There is no way in the IKEv2 draft to say that you want the same 
cryptosuite for the IKE SA and the child SA

On 13/08/2004, at 11:06, wadood wrote:

> hi,
>
> How may proposals Initiator will send in the first exchange i.e.,
> IKE_SA_INIT. If Initiator wants to make two SAs i.e., IKE_SA and first
> CHILD_SA(piggybacked with IKE_SA) having same cryptographic suite.
>
> Or we can say
> A  single proposal for IKE_SA is sufficed for first CHILD_SA. If
> CHILD_SA uses the same cryptographic suite as of IKE_SA.
>
> Any comments/answers will be highly appreciated.
>
> wadood
>
> _______________________________________________
> Ipsec mailing list
> Ipsec@ietf.org
> https://www1.ietf.org/mailman/listinfo/ipsec
>


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec