[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: RE: [Ipsec] Rekey IKE SA
From: "Geoffrey Huang" <ghuang () cisco ! com>
Date: 2005-01-24 17:15:36
Message-ID: 200501241715.BAX73992 () mira-sjc5-b ! cisco ! com
[Download RAW message or body]
I believe it means that while the SPIs in the IKE header are for the parent
SA, the SPIs supplied in the SA payload are for the rekey SA.
-g
> -----Original Message-----
> From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org]
> On Behalf Of Tom Stiemerling
> Sent: Monday, January 24, 2005 8:27 AM
> To: ipsec@ietf.org
> Subject: [Ipsec] Rekey IKE SA
>
>
>
>
>
> Can somebody please clarify the following:
>
> Section 2.18 of IKEv2 draft 17 states that when an IKE SA is
> being re-keyed the new initiator and responder SPI's are
> supplied in the SPI fields. But it seems to me that the SPI's
> of the existing IKE SA are required in these fields to be
> able to decrypt the packets (you need the SPI's to be able to
> identity which IKE SA the packet belongs to). Therefore this
> statement does not make sense to me. Is this a mistake or am
> I missing something?
>
> Thanks, Tom
>
>
> _______________________________________________
> Ipsec mailing list
> Ipsec@ietf.org
> https://www1.ietf.org/mailman/listinfo/ipsec
>
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic