Hi Matt,
Please see Sec. 1.3.3 of draft-ietf-ipsecme-ikev2bis-02. I believe it
answers your question.
Thanks,
Yaron
_____
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of
Matthew Cini Sarreo
Sent: Friday, April 17, 2009 14:48
To: ipsec@ietf.org
Subject: [IPsec] IKEv2: Ambiguous REKEY_SA text
Hello,
When reading section 2.8.3. Rekeying the IKE SA Versus Reauthentication:
"IKEv2 does not have any special support for reauthentication.
Reauthentication is done by creating a new IKE SA from scratch (using
IKE_SA_INIT/IKE_AUTH exchanges, without any REKEY_SA notify payloads),"
seems to indicate (at least, when one reads this for the first time) that
rekeying an IKE SA will include a notify payload containing REKEY_SA but
this seems to be incorrect as nowhere in the text it is stated that rekeying
an IKE SA would include a REKEY_SA notify payload.
Regards,
Matt
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
