[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipsec
Subject:    Re: [IPsec] ikev2 algorithms, Initiator choice preferred over responder ?
From:       Yoav Nir <ynir () checkpoint ! com>
Date:       2012-10-25 6:18:09
Message-ID: F9BC857F-1D3D-4B57-B9A8-4E72F03AAEAA () checkpoint ! com
[Download RAW message or body]

Hi Kalyani

The spec is silent on how the responder chooses the algorithm from among the choices \
offered by the initiator. It can choose by giving priority to its own preferences, or \
by choosing the first proposal that is allowed by its policy. Since it does not \
affect interoperability, the RFC does not specify this.

Yoav

On Oct 24, 2012, at 6:23 AM, Kalyani Garigipati (kagarigi) wrote:

> 
> Hi ,
> 
> If the initiator proposes three algorithms say alg1, alg2. Alg3 for encryption in \
> SA1. And responders choice is in the order as  alg3,alg2,alg1, then finally in \
> SA_INIT response what should be sent as the algorithm. 
> From the RFC I felt that it is the initiator choice that should be given preference \
> and so responder MUST send alg1 in response. Or is it that responder MUST be given \
> preference and it MUST send alg3 in response ? 
> I could not locate any paras in RFC which gives clear guidelines on this.
> Please let me know if anything like this is already mentioned otherwise I think it \
> should be added in clarifications. 
> Regards,
> Kalyani

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec


[prev in list] [next in list] [prev in thread] [next in thread]