Hi,

I've submitted version -01 of my draft. It incorporates Valery's suggestion to move the "adoption" to an exchange protected by the old IKE SA rather than the IKE_AUTH exchange that creates the new IKE SA. Since child SAs are "pushed" instead of "pulled", I changed the name from "adopting" to "handing over" (because "giving up" seemed to be carrying this too far :-) ).

This change also simplifies the protocol, and IMO removes the need to cryptographically bind the transfer.

Yoav

-----Original Message-----
From: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org]
Sent: Thursday, August 22, 2013 11:26 AM
To: Yoav Nir
Subject: New Version Notification for draft-nir-ipsecme-cafr-01.txt

A new version of I-D, draft-nir-ipsecme-cafr-01.txt has been successfully submitted by Yoav Nir and posted to the IETF repository.

Filename: draft-nir-ipsecme-cafr
Revision: 01
Title: Handing Over Child SAs Following Re-Authentication in IKEv2
Creation date: 2013-08-22
Group: Individual Submission
Number of pages: 7
URL: http://www.ietf.org/internet-drafts/draft-nir-ipsecme-cafr-01.txt
Status: http://datatracker.ietf.org/doc/draft-nir-ipsecme-cafr
Htmlized: http://tools.ietf.org/html/draft-nir-ipsecme-cafr-01
Diff: http://www.ietf.org/rfcdiff?url2=draft-nir-ipsecme-cafr-01

Abstract:
This document describes an extension to the IKEv2 protocol whereby Child SAs are moved to the new IKE SA following re-authentication. This allows for a smoother transition with no loss of connectivity.