Kalyani Garigipati (kagarigi) <kagar...@cisco.com> wrote:
    KG> If the initiator proposes three algorithms say alg1, alg2, alg3
    KG> for encryption in SA1. And responder's choice is in the order as
    KG> alg3,alg2,alg1, then finally in SA_INIT response what should be
    KG> sent as the algorithm.

Why would the responder reply with three choices? The spec doesn't say that.
It's not a negotiation. If the responder has a preference, it should simply
state that one preference in the reply.

    KG> From the RFC I felt that it is the initiator choice that should
    KG> be given preference and so responder MUST send alg1 in response.

    KG> Or is it that responder MUST be given preference and it MUST
    KG> send alg3 in response?

The responder is free to answer whatever it thinks it should based upon
local policy.

{in the future, please create a new email rather than replying (and
including) another thread in your email. This matters to the list archives.
I've removed the in reply-to, references, etc. headers from this email, and
I'm including your email below for context}

From: "Kalyani Garigipati (kagarigi)" <kagar...@cisco.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Wed, 24 Oct 2012 04:23:14 +0000
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19298.000
x-tm-as-result: No--56.144900-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Subject: [IPsec] ikev2 algorithms, Initiator choice preferred over responder ?
Sender: ipsec-boun...@ietf.org

Hi,

If the initiator proposes three algorithms say alg1, alg2, alg3 for
encryption in SA1. And responder's choice is in the order as alg3,alg2,alg1,
then finally in SA_INIT response what should be sent as the algorithm.

From the RFC I felt that it is the initiator choice that should be given
preference and so responder MUST send alg1 in response.

Or is it that responder MUST be given preference and it MUST send alg3 in
response?

I could not locate any paras in the RFC which give clear guidelines on this.
Please let me know if anything like this is already mentioned, otherwise I
think it should be added in clarifications.

Regards,
Kalyani

--
Michael Richardson -on the road-
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
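
The selection behaviour discussed in this thread, as an added example that is not part of the original messages and not taken from any IKEv2 implementation: the responder answers with exactly one transform per type, chosen by local policy, and both orderings the question asks about produce an answer the initiator can accept. The sketch models a single proposal in which every offered type is answered; `alg1`..`alg3` come from the thread, while `integ1`/`integ2`, the policy table and all function names are constructed for illustration.

```python
# Added illustration, not code from the thread or from any IKEv2 implementation.
# alg1..alg3 come from the thread; integ1/integ2 and the policy are constructed.
NO_PROPOSAL_CHOSEN = "NO_PROPOSAL_CHOSEN"

OFFER = {"ENCR": ["alg1", "alg2", "alg3"], "INTEG": ["integ1", "integ2"]}
RESPONDER_POLICY = {"ENCR": ["alg3", "alg2", "alg1"], "INTEG": ["integ2"]}


def select_transforms(offer, policy, prefer="responder"):
    """Responder side: pick exactly one transform per type from the offer.

    offer  -- {type: [names in the initiator's order]}
    policy -- {type: [names the responder accepts, in its own order]}
    prefer -- whose ordering decides when several transforms are acceptable
    Returns {type: name}, or NO_PROPOSAL_CHOSEN if any type has no overlap.
    """
    if prefer not in ("responder", "initiator"):
        raise ValueError("prefer must be 'responder' or 'initiator'")
    chosen = {}
    for ttype, offered in offer.items():
        accepted = policy.get(ttype, [])
        if prefer == "responder":
            candidates = [t for t in accepted if t in offered]
        else:
            candidates = [t for t in offered if t in accepted]
        if not candidates:
            return NO_PROPOSAL_CHOSEN  # nothing acceptable: reject, never improvise
        chosen[ttype] = candidates[0]
    return chosen


def response_is_consistent(offer, response):
    """Initiator side: accept only a reply naming one offered transform per type."""
    if response == NO_PROPOSAL_CHOSEN or set(response) != set(offer):
        return False
    return all(response[t] in offer[t] for t in offer)


if __name__ == "__main__":
    for mode in ("responder", "initiator"):
        reply = select_transforms(OFFER, RESPONDER_POLICY, prefer=mode)
        print(mode, reply, response_is_consistent(OFFER, reply))
```

Whichever ordering the responder's policy applies, the initiator-side check passes as long as the single returned transform was in the offer; a reply naming anything else fails the check.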