Hi,
I think that the problem that the draft addresses can be solved
in more simple and elegant way. Just lift prohibition for KE transforms
to appear in the SA payload in IKE_AUTH.
Rationale. Currently all the parameters of the initial Child SA are
negotiated
in the IKE_AUTH exchange except for K
Hi,
I also have some comments on draft-pwouters-ipsecme-child-pfs-info.
>From the Introduction I learned that the problem this draft is trying to
address is the
lack of knowledge at the time the initial Child SA is being created in
IKE_AUTH of what KE methods are
configured for subsequent reke
