Kalyani Garigipati (kagarigi) <kagar...@cisco.com> wrote:
    KG> If the initiator proposes three algorithms, say alg1, alg2, alg3
    KG> for encryption in SA1, and the responder's choice is in the order
    KG> alg3,alg2,alg1, then finally in SA_INIT response what should be
    KG> sent as the algorithm.

Why would the responder reply with three choices?  The spec doesn't say that.
It's not a negotiation.  If the responder has a preference, it should
simply state that one preference in the reply.

    KG> From the RFC I felt that it is the initiator choice that should
    KG> be given preference and so responder MUST send alg1 in response.
    KG> Or is it that responder MUST be given preference and it MUST
    KG> send alg3 in response?

The responder is free to answer whatever it thinks it should based upon
local policy.


{in the future, please create a new email rather than replying (and
including) another thread in your email.  This matters to the list
archives.  I've removed the in reply-to, references, etc. headers from
this email, and I'm including your email below for context}

From: "Kalyani Garigipati (kagarigi)" <kagar...@cisco.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Wed, 24 Oct 2012 04:23:14 +0000
Subject: [IPsec] ikev2 algorithms,
        Initiator choice preferred over responder ?
Sender: ipsec-boun...@ietf.org


Hi,

If the initiator proposes three algorithms, say alg1, alg2, alg3 for encryption 
in SA1,
and the responder's choice is in the order alg3,alg2,alg1, then finally in 
SA_INIT response what should be sent as the algorithm.

From the RFC I felt that it is the initiator choice that should be given 
preference and so responder MUST send alg1 in response.
Or is it that responder MUST be given preference and it MUST send alg3 in 
response?

I could not locate any paragraphs in the RFC which give clear guidelines on this.
Please let me know if anything like this is already mentioned; otherwise I think 
it should be added in clarifications.

Regards,
Kalyani



-- 
Michael Richardson
-on the road-
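
Added example (not part of the thread, and not code from any IKE implementation): a sketch of the responder-side selection discussed above, in which the responder answers with exactly one transform per type taken from the initiator's offer, chosen by local policy. The data layout, the function name and the `prefer` switch are hypothetical; `alg1`..`alg3` come from the question, and the other transform names are constructed.

```python
# Hypothetical model of an IKE_SA_INIT offer: a list of proposals, each with
# a number and, per transform type, the transforms in the initiator's order.
ENCR, PRF, INTEG, DH = "ENCR", "PRF", "INTEG", "DH"

def select_proposal(offered, policy, prefer="responder"):
    """Pick one proposal and exactly one transform per type.

    offered: [(proposal_number, {type: [transforms, initiator order]})]
    policy:  {type: [transforms the responder accepts, its own order]}
    prefer:  whose ordering breaks ties; a local policy decision.
    Returns (proposal_number, {type: transform}) or None, which a responder
    would signal with a NO_PROPOSAL_CHOSEN notification.
    Simplification: only the types present in the offer are checked.
    """
    for number, transforms in offered:
        chosen = {}
        for ttype, offered_list in transforms.items():
            allowed = policy.get(ttype, [])
            if prefer == "responder":
                candidates = [t for t in allowed if t in offered_list]
            else:
                candidates = [t for t in offered_list if t in allowed]
            if not candidates:
                break  # nothing acceptable for this type: try next proposal
            chosen[ttype] = candidates[0]
        else:
            return number, chosen  # every type had an acceptable transform
    return None

# Constructed sample: the initiator's offer from the question.
OFFERED = [(1, {ENCR: ["alg1", "alg2", "alg3"], PRF: ["prf1"],
                INTEG: ["integ1"], DH: ["dh1"]})]
# Constructed responder policy with the opposite encryption ordering.
POLICY = {ENCR: ["alg3", "alg2", "alg1"], PRF: ["prf1"],
          INTEG: ["integ1"], DH: ["dh1"]}

if __name__ == "__main__":
    print(select_proposal(OFFERED, POLICY))               # responder order
    print(select_proposal(OFFERED, POLICY, "initiator"))  # initiator order
    print(select_proposal(OFFERED, {ENCR: ["alg9"]}))     # no overlap
```

Either ordering yields a single encryption transform in the reply; which one is a matter of the responder's configuration, not of the wire format.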

