Hello,
The Ikev2 protocol seems to be very flexible in sending payloads in the messages. We can specify multiple proposals of same protocol or of different protocol (AH/ESP) in SA payload. We can also specify multiple traffic selectors in the TS payload. But all this will result in one IPsec SA to be established. If the user knows that it has to establish 2/3 CHILD_SA, will it not be good to have a provision to specify the information for all in a single message (IKE_AUTH). This might save a lot of CHILD_SA exchanges. This will be similar to including multiple DELETE payloads or including multiple SPI's in a single DELETE payload in INFO exchange to delete CHILD_SA's Kindly share your valuable views on the same. Regards, Prashant Batra
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
