Hi Paul,
Trying to clarify some things from my experience implementing this
extension. The authors might have some more insights on these points.

Key exchange methods negotiated via Transform Type 4 MUST always take
place in the IKE_SA_INIT exchange. Additional key exchanges

I was reading the draft-ietf-ipsecme-ikev2-intermediate through and I
think it might be a good thing to add a note at the end of section 3.3.1
Protection of the IKE_INTERMEDIATE messages to clarify which SK_e[i/r]
and SK_a[i/r] are to be used for the IKE_AUTH after all
IKE_INTERMEDIATE exchanges (I a