[Ipsec] Comments of draft-eronen-ipsec-ikev2-clarifications-02.txt

Tero Kivinen <kivinen@iki.fi> Thu, 07 April 2005 11:00 UTC

Message-ID: <16981.4592.603521.64579@fireball.kivinen.iki.fi>
Date: Thu, 07 Apr 2005 13:56:48 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: pasi.eronen@nokia.com, paul.hoffman@vpnc.org, ipsec@ietf.org
Subject: [Ipsec] Comments of draft-eronen-ipsec-ikev2-clarifications-02.txt
In-Reply-To: <16978.33154.351915.320602@fireball.kivinen.iki.fi>
References: <16978.33154.351915.320602@fireball.kivinen.iki.fi>

Tero Kivinen writes:
> Also if we think more about the IKE SA rekeying, I do not think there
> is any reason to do that unless you also do new Diffie-Hellman there
> too. Rekeying IKE SA because of the IKE message ID wrapping is not
> common. The current IKEv2 text is not clear whether the intention was
> that IKE SA rekey MUST have KE payloads, but I think we should mandate
> them, i.e. say in the NEW-1.3.2 that KE payloads are not optional
> there.

Actually it is clear from the draft-ietf-ipsec-ikev2-17.txt that the
Diffie-Hellman parameter is NOT optional when rekeying IKE. Section 3.3.3
lists D-H as a mandatory type if the protocol is IKE, and Section 3.3.2 does
the same in the Transform Type Values table. So KE payloads are not
optional in the NEW-1.3.2.

-----------------------------------------------------------------------
3.3.2 Transform Substructure
...
   Transform Type Values
...
          Diffie-Hellman Group (D-H)      4  (IKE, optional in AH & ESP)
...
3.3.3 Valid Transform Types by Protocol
...
          Protocol  Mandatory Types        Optional Types
            IKE     ENCR, PRF, INTEG, D-H
...
-- 
kivinen@safenet-inc.com
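Added example (not code from the message or from the IKEv2 draft): a small Python checker that applies the Section 3.3.3 rule quoted above to an SA proposal and to a CREATE_CHILD_SA rekey request, so an implementation rejects an IKE SA rekey that omits the KE payload. It assumes the transform type codes from the spec's 3.3.2 table, and its AH/ESP rows are a simplified assumption encoding only what the message states (D-H optional there) plus the protocol's own cipher or integrity transform.

```python
# Transform Type Values (draft-ietf-ipsec-ikev2 / RFC 4306 section 3.3.2).
# The message quotes only D-H = 4; the other codes come from the same table.
ENCR, PRF, INTEG, DH = 1, 2, 3, 4
TYPE_NAMES = {ENCR: "ENCR", PRF: "PRF", INTEG: "INTEG", DH: "D-H"}

# Section 3.3.3 "Valid Transform Types by Protocol". The IKE row is the one
# quoted in the message (all four types mandatory, nothing optional).
# The AH and ESP rows are a simplified assumption: they only encode that D-H
# is optional there, as the message states; consult the spec for the full rows.
MANDATORY = {"IKE": {ENCR, PRF, INTEG, DH}, "ESP": {ENCR}, "AH": {INTEG}}
OPTIONAL = {"IKE": set(), "ESP": {INTEG, DH}, "AH": {DH}}


def check_proposal(protocol, transforms):
    """Return a list of problems with a proposal; an empty list means it is valid."""
    mandatory, optional = MANDATORY[protocol], OPTIONAL[protocol]
    problems = []
    for t in sorted(mandatory - transforms):
        problems.append(f"{protocol}: missing mandatory transform {TYPE_NAMES[t]}")
    for t in sorted(transforms - mandatory - optional):
        name = TYPE_NAMES.get(t, str(t))
        problems.append(f"{protocol}: transform {name} not valid for this protocol")
    return problems


def check_rekey_request(protocol, transforms, has_ke_payload):
    """Check a CREATE_CHILD_SA rekey request.

    An IKE SA rekey always negotiates a D-H group (D-H is mandatory for IKE),
    so the KE payload is never optional there. For a Child SA (AH/ESP) the KE
    payload is required exactly when the proposal carries a D-H transform.
    """
    problems = check_proposal(protocol, transforms)
    needs_ke = protocol == "IKE" or DH in transforms
    if needs_ke and not has_ke_payload:
        problems.append(f"{protocol} rekey: D-H negotiated but KE payload missing")
    if not needs_ke and has_ke_payload:
        problems.append(f"{protocol} rekey: KE payload present but no D-H transform proposed")
    return problems


if __name__ == "__main__":
    # Constructed sample: an IKE SA rekey sent without a KE payload is rejected.
    print(check_rekey_request("IKE", {ENCR, PRF, INTEG, DH}, has_ke_payload=False))
    # Constructed sample: an ESP rekey without PFS needs no KE payload.
    print(check_rekey_request("ESP", {ENCR, INTEG}, has_ke_payload=False))
```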
