Hello,
I have been reading RFC 4106 & 4543 over the past 2 weeks & in the process of
implementing this RFC for IKEv1 module for my customer.
There is a long pending clarification, Appreciate your help on establishing
clarity.
1. What is the scope of Authentication between ESP GMAC & AH GMAC
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf
Of Vinod Sasi
Sent: Tuesday, April 05, 2011 10:18 AM
To: 'ipsec@ietf.org'
Subject: [IPsec] Queries relating to ESP/AH GCM & GMAC
Hello,
I have been reading RFC 4106 & 4543 over the past 2 weeks & in the
process of
I have a question about what is meant by 'equivalent' SA's wrt
to rekeying. If someone has already addressed this, my apologies
and please point to the thread I missed. - thx.
In section 2.8 it talks about when rekeying a Child SA or an IKE SA, that
the peers should establish an 'equivalent' SA.
On Tue, Apr 5, 2011 at 4:07 PM, Frank Bailey
wrote:
> I have a question about what is meant by ‘equivalent’ SA’s wrt
> to rekeying. If someone has already addressed this, my apologies
> and please point to the thread I missed. – thx.
>
> In section 2.8 it talks about when rekeying a Child SA or
- thank you, that clears it up.
___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
Hello Scott,
Many thanks for your reply; this is helping me to a great extent.
Few more clarifications from your reply..
1.) RFC 4106 talks about Nonce = IV + Salt (last 4 bytes of keying material
derived during SA creation). But where do we actually use it in the context of
ESP & AH? I de
