[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ipsec] Number of Proposals in IKE_SA_INIT exchange for IKE_SA andfirst CHILD_SA ??
You need at least one proposal in an SA payload in message #1, and at
least one proposal in an SA payload in message #3.
If you do not include an SA payload in message #3, that says that you
don't want to create a child-SA.
There is no way in the IKEv2 draft to say that you want the same
cryptosuite for the IKE SA and the child SA
On 13/08/2004, at 11:06, wadood wrote:
> hi,
>
> How may proposals Initiator will send in the first exchange i.e.,
> IKE_SA_INIT. If Initiator wants to make two SAs i.e., IKE_SA and first
> CHILD_SA(piggybacked with IKE_SA) having same cryptographic suite.
>
> Or we can say
> A single proposal for IKE_SA is sufficed for first CHILD_SA. If
> CHILD_SA uses the same cryptographic suite as of IKE_SA.
>
> Any comments/answers will be highly appreciated.
>
> wadood
>
> _______________________________________________
> Ipsec mailing list
> Ipsec@ietf.org
> https://www1.ietf.org/mailman/listinfo/ipsec
>
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec