Hello, When reading section 2.8.3. Rekeying the IKE SA Versus Reauthentication:
"IKEv2 does not have any special support for reauthentication. Reauthentication is done by creating a new IKE SA from scratch (using IKE_SA_INIT/IKE_AUTH exchanges, without any REKEY_SA notify payloads)," seems to indicate (at least, when one reads this for the first time) that rekeying an IKE SA will include a notify payload containing REKEY_SA but this seems to be incorrect as nowhere in the text it is stated that rekeying an IKE SA would include a REKEY_SA notify payload. Regards, Matt
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec