Hi all, In RFC5723 section 5, it mentions +--------------------------------+----------------------------------+ | State Item | After Resumption | +--------------------------------+----------------------------------+
... | Which peer is the "original | Determined by the initiator of | | initiator"? | IKE_SESSION_RESUME. | If client is initiator of IKE_SESSION_RESUME, I understand client is the original initiator AFTER resumption. So the initiator flag in the IKE header should be set by client after resumption. My question is what about the resume request packet during resume exchange? Should client set the initiator flag in IKE header when it sends out resume request? The case is like blow: 1. Gateway initiated IKE rekey completed. 2. Connection is suspened. 3. Client sends a resume request to gateway in the RESUME exchange. In step 3, should the IKE header sent by Client set the initiator flag? I know if client sets the initiator flag, then gateway should response with the initiator flag cleared. But according to RFC7296 initiator flag explanation, Gateway is the initiator of last IKE SA rekey. I am not sure which side should be set the initiator flag during resume exchange. Thanks. Kathy
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
