[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: Re: [IPsec] ikev2 algorithms, Initiator choice preferred over responder ?
From: Yoav Nir <ynir () checkpoint ! com>
Date: 2012-10-25 6:18:09
Message-ID: F9BC857F-1D3D-4B57-B9A8-4E72F03AAEAA () checkpoint ! com
[Download RAW message or body]
Hi Kalyani
The spec is silent on how the responder chooses the algorithm from among the choices \
offered by the initiator. It can choose by giving priority to its own preferences, or \
by choosing the first proposal that is allowed by its policy. Since it does not \
affect interoperability, the RFC does not specify this.
Yoav
On Oct 24, 2012, at 6:23 AM, Kalyani Garigipati (kagarigi) wrote:
>
> Hi ,
>
> If the initiator proposes three algorithms say alg1, alg2. Alg3 for encryption in \
> SA1. And responders choice is in the order as alg3,alg2,alg1, then finally in \
> SA_INIT response what should be sent as the algorithm.
> From the RFC I felt that it is the initiator choice that should be given preference \
> and so responder MUST send alg1 in response. Or is it that responder MUST be given \
> preference and it MUST send alg3 in response ?
> I could not locate any paras in RFC which gives clear guidelines on this.
> Please let me know if anything like this is already mentioned otherwise I think it \
> should be added in clarifications.
> Regards,
> Kalyani
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic