Question about New Group mode

"Valery Smyslov" <svan@elvis.ru> Wed, 16 September 1998 07:44 UTC

Message-Id: <199809160753.LAA04502@relay2.elvis.ru>
From: Valery Smyslov <svan@elvis.ru>
Organization: Elvis+
To: Daniel Harkins <dharkins@cisco.com>
Date: Wed, 16 Sep 1998 11:53:08 +0003
Subject: Question about New Group mode
CC: ipsec@tis.com

Hi, Dan,

I have a question regarding New Group mode.

Is it possible for an ISAKMP responder to initiate New Group mode
after performing phase 1 negotiation? (Imagine two hosts, A and B;
if local policy on host A dictates that it must use a private DH group
with host B, and host B initiated phase 1 not offering that group,
what should host A do: wait in hope that host B will sometime
negotiate that group, or try to do it by itself?)

The draft doesn't explicitly prohibit this; it only states that New Group
mode MUST only follow phase 1 (section 5.6).

Regards, Valery Smyslov.