Hi Tobias,

> > You do not need to make childless IKE SA mandatory, you simply need to
> > do first rekey after initial sa creation using normal rekey, and if
> > that normal rekey has SA/KE payloads that are acceptable for the
> > optimized rekey in the future, then you can use optimized rekeys in
> > the future.
> 
> That's exactly what I'm proposing.  Make it *mandatory* that the first
> rekeying of the Child SA that's created with IKE_AUTH is a regular one.
> Because if that's not the case, it might be impossible for a responder to
> deduce what the initiator's proposal is.  All further rekeyings of that
> Child SA can be optimized afterwards.

Alternatively, you may not want to make the first rekey mandatory,
but instead assume that no KE transform is associated with the Child SA
created by IKE_AUTH. In this case the optimized rekey will work, but only
for non-PFS cases: you just don't include the KE payload.
If you want to do an optimized rekey with PFS,
then first you have to do a full rekey with PFS, so that the KE transform
is negotiated.

Actually, we can make the draft more flexible with regard to PFS/no-PFS rekeying.
Currently the optimized rekey takes all the transforms from the last full rekey,
including the KE transform. It means that in a situation where one wants to
do every second rekey with PFS (rekey with PFS, then rekey with no PFS, then
rekey with PFS, etc.) the optimized rekey is useless (as far as I understand),
because all the properties (including the presence of PFS)
are taken from the last full rekey. With regard to the presence of PFS
I think we can relax this: the presence of the KE payload
can indicate whether PFS is used.

Regards,
Valery.
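As an added illustration (my own simplified model, not text from the draft or from either author in this thread), here is the responder-side decision rule for the alternative described above: an IKE_AUTH-created Child SA is assumed to carry no KE transform, an optimized rekey with a KE payload is refused until a full rekey has negotiated one, and once it has, the presence or absence of the KE payload alone signals PFS so that rekeys can alternate. The requirement that the KE group in an optimized rekey match the one from the last full rekey is my assumption about how "transforms are taken from the last full rekey" would apply.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class ChildSA:
    # KE transform learned from the last full rekey (SA payload).
    # None for a Child SA created by IKE_AUTH until a full rekey sets it
    # (the assumption proposed in the message above).
    ke_transform: Optional[str] = None

@dataclass
class RekeyRequest:
    optimized: bool            # True: no SA payload, reuse last full rekey's transforms
    ke_group: Optional[str]    # DH group of the KE payload, None when no KE payload

def handle_rekey(sa: ChildSA, req: RekeyRequest) -> Tuple[bool, str]:
    """Responder decision for one CREATE_CHILD_SA rekey request (simplified model)."""
    if not req.optimized:
        # Full rekey: the SA payload carries all transforms; remember the KE
        # transform (or its absence) for later optimized rekeys.
        sa.ke_transform = req.ke_group
        return True, "full rekey accepted; transforms recorded"
    if req.ke_group is None:
        # Relaxed rule: no KE payload means no PFS for this rekey, which is
        # always decidable by the responder, even for an IKE_AUTH-created SA.
        return True, "optimized rekey accepted without PFS"
    if sa.ke_transform is None:
        # No KE transform negotiated yet: the responder cannot deduce the
        # proposal, so a full rekey with PFS must come first.
        return False, "reject: no KE transform known, do a full rekey with PFS first"
    if req.ke_group != sa.ke_transform:
        # Assumption: optimized rekeys reuse the KE transform of the last full rekey.
        return False, f"reject: KE group {req.ke_group} differs from negotiated {sa.ke_transform}"
    return True, "optimized rekey accepted with PFS"

def alternating_pfs_scenario() -> list:
    """Constructed scenario: IKE_AUTH SA, then rekeys alternating PFS and no PFS."""
    sa = ChildSA()
    steps = [
        RekeyRequest(optimized=True, ke_group=None),       # no PFS, fine immediately
        RekeyRequest(optimized=True, ke_group="group14"),  # PFS wanted, nothing negotiated
        RekeyRequest(optimized=False, ke_group="group14"), # full rekey negotiates KE transform
        RekeyRequest(optimized=True, ke_group="group14"),  # PFS via optimized rekey
        RekeyRequest(optimized=True, ke_group=None),       # no PFS, still optimized
        RekeyRequest(optimized=True, ke_group="group14"),  # PFS again
    ]
    return [handle_rekey(sa, r)[0] for r in steps]
```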

> Regards,
> Tobias

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
