Hi All,


One comment/request on the IKEv2bis draft.



One of the differences between RFC 4306 and the IKEv2bis draft is in Section
2.17, Generating Key Material for Child SAs.  Appendix E.2 of the IKEv2bis
draft indicates the following:

   In Section 2.17, removed "If multiple IPsec protocols are negotiated,
   keying material is taken in the order in which the protocol headers
   will appear in the encapsulated packet" because multiple IPsec
   protocols cannot be negotiated at one time.

Is it possible to leave the quoted text in the spec?  I agree that multiple
IPsec protocols cannot be negotiated at one time; however, the text is
useful for ROHCoIPsec implementers, where multiple keys may need to be
generated for a ROHC-enabled Child SA.



For example, if a ROHC-enabled Child-SA with ROHC_INTEG
[draft-ietf-rohc-ikev2-extensions-hcoipsec-09] is instantiated, first the
IPsec encryption/authentication keying material will be taken, then an
additional key will be taken for the algorithm used to verify the proper
decompression of packet headers.



BR,

Emre
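
Added example, not part of the message above and not code from the IKEv2bis or ROHCoIPsec drafts: a sketch of why the ordering text matters, deriving KEYMAT = prf+(SK_d, Ni | Nr) and cutting keys from it strictly in sequence. It assumes HMAC-SHA-256 as the negotiated prf and that the ROHC_INTEG key is taken per direction directly after that direction's IPsec keys (the message does not spell this out); the function names, key lengths and sample inputs are constructed.

```python
import hashlib
import hmac

def prf_plus(key, seed, length, digest=hashlib.sha256):
    """IKEv2 prf+: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    if length > 255 * digest().digest_size:
        raise ValueError("prf+ output is limited to 255 blocks")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + seed + bytes([counter]), digest).digest()
        out += block
        counter += 1
    return out[:length]

def child_sa_keys(sk_d, ni, nr, encr_len, integ_len, rohc_integ_len=0):
    """Derive KEYMAT = prf+(SK_d, Ni | Nr) and cut it up strictly in order."""
    # Per direction: encryption key first, then the integrity key (Section 2.17).
    per_direction = [("encr", encr_len), ("integ", integ_len)]
    if rohc_integ_len:
        # Assumption: the ROHC_INTEG key directly follows that direction's IPsec keys.
        per_direction.append(("rohc_integ", rohc_integ_len))
    # All initiator-to-responder keys are taken before responder-to-initiator keys.
    layout = [(f"{direction}_{name}", size)
              for direction in ("i2r", "r2i")
              for name, size in per_direction]
    keymat = prf_plus(sk_d, ni + nr, sum(size for _, size in layout))
    keys, offset = {}, 0
    for name, size in layout:
        keys[name] = keymat[offset:offset + size]
        offset += size
    return keys

# Constructed sample inputs (not real IKE SA values).
SK_D = bytes(range(32))
NI = b"constructed-initiator-nonce"
NR = b"constructed-responder-nonce"

if __name__ == "__main__":
    plain = child_sa_keys(SK_D, NI, NR, encr_len=16, integ_len=32)
    rohc = child_sa_keys(SK_D, NI, NR, encr_len=16, integ_len=32, rohc_integ_len=32)
    for name, key in rohc.items():
        print(f"{name:15s} {key.hex()}")
    # The extra key moves every later offset, so both peers must agree on the order.
    print("r2i_encr unchanged:", plain["r2i_encr"] == rohc["r2i_encr"])
```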
_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec