On Jul 8, 2025, at 04:30, Valery Smyslov <[email protected]> wrote:
>
> These notifications _only_ negotiate the support for the pfs-info
> extension, they do not negotiate compatible (A)KE methods, and
> they contain no data. The real negotiation of (A)KE methods for
> Child SAs take place in IKE_AUTH, when responder does already have
> all the information about peer’s identity.
>
> The (A)KE methods are negotiated via SA payload in IKE_AUTH,
> as well as other Child SA parameters.

Ah yes, I was wrong. This does make sense.

Paul
