[IPsec] About PFS for first CHILD_SA

"Anil Bollineni" <ABollineni@juniper.net> Mon, 01 October 2007 23:28 UTC


Hi there,

I would like to know how PFS is achieved for the first CHILD_SA that is
created as part of the piggyback in the AUTH exchange.

RFC 4306 says no KE will be exchanged and RFC 4718 says no D-H group is
exchanged for the first CHILD_SA.

Does it mean the first CHILD_SA will inherit all keys from the first
SA_INIT?

If anybody knows the answer to this, can you please tell me?

Thanks in advance,

Anil
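
Added example (not part of the original message and not taken from any IKEv2 implementation): the key derivation from RFC 4306 sections 2.13, 2.14 and 2.17, showing that the KEYMAT of the first CHILD_SA is computed from SK_d and the IKE_SA_INIT nonces, so it rests on the D-H exchange done in IKE_SA_INIT, while a CREATE_CHILD_SA exchange carrying a KE payload mixes in a new D-H secret. The HMAC-SHA1 prf, the 72-byte KEYMAT length, the helper names and all sample byte values are assumptions made for the illustration.

```python
import hashlib
import hmac

def prf(key, data):
    # PRF_HMAC_SHA1, chosen for this example; IKEv2 negotiates the prf.
    return hmac.new(key, data, hashlib.sha1).digest()

def prf_plus(key, seed, length):
    # RFC 4306 section 2.13: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)
    out, block, n = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([n]))
        out += block
        n += 1
    return out[:length]

def derive_sk_d(ni, nr, g_ir, spi_i, spi_r):
    # Section 2.14: SKEYSEED = prf(Ni | Nr, g^ir); SK_d is the first
    # prf-key-sized piece (20 bytes here) of prf+(SKEYSEED, Ni | Nr | SPIi | SPIr).
    skeyseed = prf(ni + nr, g_ir)
    return prf_plus(skeyseed, ni + nr + spi_i + spi_r, 20)

def child_keymat(sk_d, ni, nr, new_g_ir=b"", length=72):
    # Section 2.17: KEYMAT = prf+(SK_d, Ni | Nr), or, with a KE payload in
    # CREATE_CHILD_SA: KEYMAT = prf+(SK_d, g^ir (new) | Ni | Nr).
    return prf_plus(sk_d, new_g_ir + ni + nr, length)

# Constructed sample values: fixed bytes standing in for nonces, SPIs and D-H secrets.
NI, NR = b"\x11" * 32, b"\x22" * 32
SPI_I, SPI_R = b"\xa1" * 8, b"\xb2" * 8
G_IR_INIT = b"\x33" * 128  # shared secret from the IKE_SA_INIT KE payloads
SK_D = derive_sk_d(NI, NR, G_IR_INIT, SPI_I, SPI_R)

def first_child_keymat():
    # First CHILD_SA (piggybacked on IKE_AUTH): no KE, nonces from IKE_SA_INIT.
    return child_keymat(SK_D, NI, NR)

def rekeyed_child_keymat(new_g_ir, ni2=b"\x44" * 32, nr2=b"\x55" * 32):
    # CREATE_CHILD_SA: fresh nonces, plus a new D-H secret when KE is sent.
    return child_keymat(SK_D, ni2, nr2, new_g_ir)

if __name__ == "__main__":
    print("first CHILD_SA :", first_child_keymat().hex())
    print("rekey, with KE :", rekeyed_child_keymat(b"\x66" * 128).hex())
    print("rekey, no KE   :", rekeyed_child_keymat(b"").hex())
```

The only D-H input to the first CHILD_SA's keys is the g^ir from IKE_SA_INIT (through SK_d); a rekey without KE likewise depends only on SK_d and the new nonces.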

 

 
