Thank you for proposing text, it was helpful. Deb Cooley Sec AD
On Tue, May 26, 2026 at 5:11 AM Songbo Bu <[email protected]> wrote: > Hi Valery, > > Thanks, that works for me. The added reference to the peer verifying > authentication data created using the non-compromised key makes the > assumption clearer than my original wording. > > I would only suggest one small editorial cleanup if you touch the > paragraph again: > > Thus, there is no separate downgrade-detection procedure. Instead, the > additional initial-exchange data (the IKE_SA_INIT message received by a > peer) is included in the input to the IKEv2 authentication calculation. > > Otherwise the direction looks good to me. > > Best, > Songbo Bu >
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
