RE: [Ipsec] Number of Proposals in IKE_SA_INIT exchange for IKE_SAandfirst CHILD_SA ??

["Yoav Nir" <ynir@checkpoint.com>]

Whoops.  For some reason I though it was possible to make an initial
exchange without creating child SAs.  Was it removed in some recent version
of the draft?

-----Original Message-----
From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf Of
Tero Kivinen
Sent: Monday, August 23, 2004 1:11 PM
To: Yoav Nir
Cc: ipsec@ietf.org; wadood
Subject: Re: [Ipsec] Number of Proposals in IKE_SA_INIT exchange for IKE_SA
andfirst CHILD_SA ??

Yoav Nir writes:
> You need at least one proposal in an SA payload in message #1, and at 
> least one proposal in an SA payload in message #3.
> 
> If you do not include an SA payload in message #3, that says that you 
> don't want to create a child-SA.

SAi2, and SAr2 are not optional in the current draft, thus there is
no way not to create the child-SA during the initial IKE exchange. 
-- 
kivinen@safenet-inc.com

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec