Hi Jaemin,
You are right, Since B is initiating the exchange the values of SPIi, Ni, and TSi will be the values of host B Regards, kalyani ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Jaemin Park Sent: Thursday, May 20, 2010 9:07 PM To: [email protected] Subject: [IPsec] Who is the Initiator of rekeying CHILD SA? This can be the ridiculous question, but there exist some confusion in the context of initiator of CHILD SA around me. Suppose that host A and host B exist. Host A initiated the exchanges (IKE_SA_INIT & IKE_AUTH) to establish the IKE SA and CHILD SA with host B. (In this case, Host A is the Initiator and Host B is responder.) Then, host B (the responder of previous IKE exchange) initiated the CHILD SA rekeying (CREATE_CHILD_SA) with host A. In this case, who is the Initiator of rekeying CHILD SA? host B? or host A? According to the RFC4306, I think host B is the initiator of CHILD SA. Therefore, the fields such as SPIi, Ni and TSi should be the value of host B. Am I right?
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
