Hello,

Re: Part of RFC 5996 Sec 1.2 that talks about DH retry in the case initiator 
guesses the wrong DH group in SA INIT

It's not clear to me whether the expectation is for the second SA INIT attempt 
(this time with the DH group hinted at by the peer) to start afresh with a new IKE 
cookie pair (message ID 1)
OR
whether it must retain the existing cookie pair (message ID 2).

AFAICT either way is acceptable since both achieve the same end. The former 
seems slightly easier.
Please correct me, though, if one approach is strictly the right way. If so, then why?

Thanks
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec