Re: [IPsec] Who is the Initiator of rekeying CHILD SA?
"Kalyani Garigipati (kagarigi)" <kagarigi@cisco.com> Fri, 21 May 2010 08:30 UTC
Date: Fri, 21 May 2010 11:28:23 +0530
From: "Kalyani Garigipati (kagarigi)" <kagarigi@cisco.com>
To: Jaemin Park <jmpark81@gmail.com>, ipsec@ietf.org
Hi Jaemin,

You are right. Since B is initiating the exchange, the values of SPIi, Ni, and TSi will be the values of host B.

Regards,
Kalyani

________________________________
From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf Of Jaemin Park
Sent: Thursday, May 20, 2010 9:07 PM
To: ipsec@ietf.org
Subject: [IPsec] Who is the Initiator of rekeying CHILD SA?

This may be a ridiculous question, but there exists some confusion around me in the context of the initiator of a CHILD SA.

Suppose that host A and host B exist. Host A initiated the exchanges (IKE_SA_INIT & IKE_AUTH) to establish the IKE SA and CHILD SA with host B. (In this case, host A is the initiator and host B is the responder.)

Then host B (the responder of the previous IKE exchange) initiated the CHILD SA rekeying (CREATE_CHILD_SA) with host A.

In this case, who is the initiator of the rekeying CHILD SA? Host B or host A?

According to RFC 4306, I think host B is the initiator of the CHILD SA. Therefore, fields such as SPIi, Ni and TSi should be the values of host B.

Am I right?
- [IPsec] Who is the Initiator of rekeying CHILD SA? Jaemin Park
- Re: [IPsec] Who is the Initiator of rekeying CHIL… Kalyani Garigipati (kagarigi)
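
The scenario from this thread as an added example (not code from either poster): it goes one step beyond the messages by also modelling the IKE header flags of RFC 4306 section 3.1, where the I bit tracks the original initiator of the IKE SA while the payload fields SPIi, Ni and TSi follow whoever starts the CREATE_CHILD_SA exchange. The function names, host labels and SPI values are constructed for illustration.

```python
import struct

# IKEv2 fixed header (RFC 4306, section 3.1): IKE SA SPIs, next payload,
# version, exchange type, flags, message ID, total length.
HDR = struct.Struct("!8s8sBBBBII")
CREATE_CHILD_SA = 36
FLAG_I = 0x08  # set by the ORIGINAL initiator of the IKE SA
FLAG_R = 0x20  # set on responses

def build_header(spi_i, spi_r, sender_started_ike_sa, is_response, msg_id):
    """Header only; the encrypted body is omitted, so length is 28."""
    flags = (FLAG_I if sender_started_ike_sa else 0) | (FLAG_R if is_response else 0)
    return HDR.pack(spi_i, spi_r, 46, 0x20, CREATE_CHILD_SA, flags, msg_id, HDR.size)

def roles(header, sender, receiver):
    """Derive both 'initiator' notions from one message on the wire."""
    _, _, _, _, exchange, flags, _, _ = HDR.unpack(header[:HDR.size])
    if exchange != CREATE_CHILD_SA:
        raise ValueError("not a CREATE_CHILD_SA message")
    is_response = bool(flags & FLAG_R)
    return {
        # Owns the first SPI in the IKE header for the life of the IKE SA.
        "ike_sa_initiator": sender if flags & FLAG_I else receiver,
        # Supplies SPIi, Ni and TSi in this exchange's payloads.
        "exchange_initiator": receiver if is_response else sender,
        # Supplies SPIr, Nr and TSr in this exchange's payloads.
        "exchange_responder": sender if is_response else receiver,
    }

# Constructed values: host A set up the IKE SA, host B starts the rekey.
# B's first request uses message ID 0 (each side numbers its own requests).
SPI_A, SPI_B = bytes.fromhex("a1" * 8), bytes.fromhex("b2" * 8)
request = build_header(SPI_A, SPI_B, sender_started_ike_sa=False,
                       is_response=False, msg_id=0)
reply = build_header(SPI_A, SPI_B, sender_started_ike_sa=True,
                     is_response=True, msg_id=0)

if __name__ == "__main__":
    print(roles(request, sender="B", receiver="A"))
    print(roles(reply, sender="A", receiver="B"))
```

Both messages resolve to the same answer: A remains the IKE SA initiator in the header, while B is the initiator of the rekeying exchange.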