This may be a ridiculous question, but there exists some confusion around me about who the initiator of a CHILD SA is.
Suppose that host A and host B exist. Host A initiated the exchanges (IKE_SA_INIT & IKE_AUTH) to establish the IKE SA and CHILD SA with host B. (In this case, host A is the initiator and host B is the responder.) Then host B (the responder of the previous IKE exchange) initiated the CHILD SA rekeying (CREATE_CHILD_SA) with host A. In this case, who is the initiator of the rekeyed CHILD SA? Host B or host A? According to RFC4306, I think host B is the initiator of the CHILD SA. Therefore, fields such as SPIi, Ni and TSi should be the values of host B. Am I right?
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
