[Ipsec] Comments of draft-eronen-ipsec-ikev2-clarifications-02.txt
Tero Kivinen <kivinen@iki.fi> Thu, 07 April 2005 11:00 UTC
Date: Thu, 07 Apr 2005 13:56:48 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: pasi.eronen@nokia.com, paul.hoffman@vpnc.org, ipsec@ietf.org
Subject: [Ipsec] Comments of draft-eronen-ipsec-ikev2-clarifications-02.txt
Tero Kivinen writes:
> Also if we think more about the IKE SA rekeying, I do not think there
> is any reason to do that unless you also do new Diffie-Hellman there
> too. Rekeying IKE SA because of the IKE message ID wrapping is not
> common. The current IKEv2 text is not clear whether the intention was
> that IKE SA rekey MUST have KE payloads, but I think we should mandate
> them, i.e. say in the NEW-1.3.2 that KE payloads are not optional
> there.

Actually it is clear from the draft-ietf-ipsec-ikev2-17.txt that
Diffie-Hellman parameter is NOT optional when rekeying IKE. The 3.3.3
lists D-H as mandatory type if the protocol is IKE, and the 3.3.2 does
the same in the Transform Type Values table. So KE payloads are not
optional in the NEW-1.3.2.

-----------------------------------------------------------------------
3.3.2 Transform Substructure
...
   Transform Type Values
...
   Diffie-Hellman Group (D-H)   4   (IKE, optional in AH & ESP)
...
3.3.3 Valid Transform Types by Protocol
...
   Protocol  Mandatory Types        Optional Types
   IKE       ENCR, PRF, INTEG, D-H
...
-- 
kivinen@safenet-inc.com
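The check this reading implies, as an added example that is not part of the original message or of any IKEv2 implementation: parse one Proposal substructure and report what an IKE SA rekey lacks if D-H (and therefore a KE payload) is mandatory. The function names, the has_ke_payload flag (which the caller is assumed to set after parsing the message) and the sample proposals are constructed for illustration.

```python
import struct

# Transform Type numbers from the IKEv2 Transform Type Values table. The mail
# quotes only D-H = 4; ENCR/PRF/INTEG = 1/2/3 come from the same table.
ENCR, PRF, INTEG, DH = 1, 2, 3, 4
NAMES = {ENCR: "ENCR", PRF: "PRF", INTEG: "INTEG", DH: "D-H"}
PROTO_IKE = 1                            # Protocol ID for IKE
MANDATORY_IKE = (ENCR, PRF, INTEG, DH)   # the section 3.3.3 row quoted in the mail

def transform_types(proposal):
    """Parse one Proposal substructure; return (protocol_id, set of transform types)."""
    if len(proposal) < 8:
        raise ValueError("truncated proposal header")
    _, _, length, _, proto, spi_size, count = struct.unpack_from("!BBHBBBB", proposal)
    if length != len(proposal):
        raise ValueError("proposal length field does not match buffer")
    off, seen = 8 + spi_size, set()
    for _ in range(count):
        if off + 8 > length:
            raise ValueError("truncated transform header")
        _, _, t_len, t_type, _, _ = struct.unpack_from("!BBHBBH", proposal, off)
        if t_len < 8 or off + t_len > length:
            raise ValueError("bad transform length")
        seen.add(t_type)
        off += t_len
    return proto, seen

def ike_rekey_problems(proposal, has_ke_payload):
    """List what an IKE SA rekey exchange lacks under the reading in the mail."""
    proto, seen = transform_types(proposal)
    if proto != PROTO_IKE:
        return ["not an IKE proposal"]
    problems = [f"missing {NAMES[t]} transform" for t in MANDATORY_IKE if t not in seen]
    if not has_ke_payload:
        problems.append("missing KE payload")
    return problems

def build_proposal(spi, transforms):
    """Constructed sample data: encode an IKE proposal from (type, id) pairs."""
    body = b"".join(
        struct.pack("!BBHBBH", 0 if i == len(transforms) - 1 else 3, 0, 8, t, 0, tid)
        for i, (t, tid) in enumerate(transforms))
    return struct.pack("!BBHBBBB", 0, 0, 8 + len(spi) + len(body), 1,
                       PROTO_IKE, len(spi), len(transforms)) + spi + body

# Constructed samples: 3DES / HMAC-SHA1 PRF / HMAC-SHA1-96, with and without group 2.
SPI = bytes(8)
WITH_DH = build_proposal(SPI, [(ENCR, 3), (PRF, 2), (INTEG, 2), (DH, 2)])
NO_DH = build_proposal(SPI, [(ENCR, 3), (PRF, 2), (INTEG, 2)])
```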