
[Ipsec] Original initiator and responder after an IKE_SA rekeying in Repeated authentication scenario in IKEv2

Hi! We need some clarification about how to know who the original
initiator and responder are in the Repeated Authentication scenario in IKEv2.

The Repeated Authentication document assumes that only the original
responder can send the AUTH_LIFETIME notification, but after an IKE_SA
rekeying, the original responder can change (see IKEv2 clarifications
document section 5.9). After that, the original responder may be
different to the "original authentication responder" (the peer that acts
as responder in the IKE_AUTH exchange).

In this case, who is the "original responder" in order to send
AUTH_LIFETIME notifications?

Alejandro Perez Mendez
Pedro J. Fernandez Ruiz

University of Murcia
OpenIKEv2 http://openikev2.sf.net
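
The role split the message asks about, as an added sketch that is not part of the original post or of OpenIKEv2: it tracks the responder of the current IKE_SA separately from the peer that responded in IKE_AUTH, and shows the two diverging once the other peer initiates a rekey. The peer names, function names and the two "reading" labels are assumptions for illustration; the message does not say which reading is correct.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IkeSa:
    initiator: str        # peer that initiated THIS IKE_SA
    responder: str        # peer that responded for THIS IKE_SA
    auth_responder: str   # peer that acted as responder in IKE_AUTH
    generation: int = 0   # number of rekeys since IKE_AUTH

def establish(initiator: str, responder: str) -> IkeSa:
    """Initial exchanges: both role notions name the same peer."""
    return IkeSa(initiator, responder, auth_responder=responder)

def rekey(sa: IkeSa, rekey_initiator: str) -> IkeSa:
    """IKE_SA rekey: whoever starts it is the initiator of the new SA.
    No IKE_AUTH exchange runs, so auth_responder is carried over."""
    if rekey_initiator == sa.initiator:
        peer = sa.responder
    elif rekey_initiator == sa.responder:
        peer = sa.initiator
    else:
        raise ValueError(f"{rekey_initiator!r} is not a peer of this IKE_SA")
    return IkeSa(rekey_initiator, peer, sa.auth_responder, sa.generation + 1)

def auth_lifetime_sender(sa: IkeSa, reading: str) -> str:
    """Peer that would send AUTH_LIFETIME under a given (hypothetical) reading."""
    if reading == "ike_sa_responder":
        return sa.responder
    if reading == "auth_responder":
        return sa.auth_responder
    raise ValueError(f"unknown reading {reading!r}")

def trace(initiator: str, responder: str, rekeys: list[str]) -> list[tuple]:
    """Replay a sequence of rekey initiators; report both readings per SA."""
    sa = establish(initiator, responder)
    rows = []
    for who in [None, *rekeys]:
        if who is not None:
            sa = rekey(sa, who)
        a = auth_lifetime_sender(sa, "ike_sa_responder")
        b = auth_lifetime_sender(sa, "auth_responder")
        rows.append((sa.generation, a, b, a == b))
    return rows

if __name__ == "__main__":
    # Constructed scenario: "client" connects to "gateway", then the gateway rekeys.
    for row in trace("client", "gateway", ["gateway", "client"]):
        print(row)
```

Each row is (rekey count, sender under the per-IKE_SA reading, sender under the IKE_AUTH reading, whether they agree); the readings disagree only while the current IKE_SA was created by the peer that responded in IKE_AUTH.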
