Hi Kathy,
"Where not specified otherwise, the IKE_SESSION_RESUME exchange behaves
exactly like the IKE_SA_INIT exchange."
This means, in my opinion, that the client that sends the first
IKE_SESSION_RESUME message should have the Initiator Flag set. And the
table in Sec. 5 applies not only to "after resumption" but in this case,
to the resumption exchange as well.
Thanks,
Yaron
On 05/04/2015 11:23 PM, Lihua Wan wrote:
Hi all,
In RFC5723 section 5, it mentions
+--------------------------------+----------------------------------+
| State Item                     | After Resumption                 |
+--------------------------------+----------------------------------+
...
| Which peer is the "original    | Determined by the initiator of   |
| initiator"?                    | IKE_SESSION_RESUME.              |
If client is initiator of IKE_SESSION_RESUME, I understand client is the
original initiator AFTER resumption. So the initiator flag in the IKE
header should be set by client after resumption.
My question is what about the resume request packet during resume
exchange? Should client set the initiator flag in IKE header when it
sends out resume request?
The case is like below:
1. Gateway initiated IKE rekey completed.
2. Connection is suspended.
3. Client sends a resume request to gateway in the RESUME exchange.
In step 3, should the IKE header sent by Client set the initiator flag?
I know if client sets the initiator flag, then gateway should respond
with the initiator flag cleared.
But according to RFC7296 initiator flag explanation, Gateway is the
initiator of last IKE SA rekey. I am not sure which side should set
the initiator flag during resume exchange.
Thanks.
Kathy
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
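The reading given in the reply at the top of this thread, as an added example that is not part of the original messages: a check over the fixed IKEv2 header that accepts an IKE_SESSION_RESUME request only with the Initiator flag set and a response only with it cleared. The header layout and flag bits are from RFC 7296 and the exchange type from RFC 5723; the function names, SPI values and sample packets are constructed for illustration.

```python
import struct

# IKEv2 fixed header (RFC 7296, section 3.1): SPIi, SPIr, next payload,
# version, exchange type, flags, message ID, length = 28 bytes.
IKE_HDR = struct.Struct("!8s8sBBBBII")
IKE_SESSION_RESUME = 38   # exchange type assigned by RFC 5723
FLAG_INITIATOR = 0x08     # "I" bit
FLAG_RESPONSE = 0x20      # "R" bit


def build_header(spi_i, spi_r, exchange, flags):
    """Pack a bare IKEv2 header (hypothetical helper; version 0x20 = 2.0)."""
    return IKE_HDR.pack(spi_i, spi_r, 0, 0x20, exchange, flags, 0, IKE_HDR.size)


def check_resume_flags(packet):
    """Return the flag problems found in an IKE_SESSION_RESUME message."""
    if len(packet) < IKE_HDR.size:
        return ["truncated header"]
    _, _, _, version, exchange, flags, _, _ = IKE_HDR.unpack_from(packet)
    if version >> 4 != 2:
        return ["not IKEv2"]
    if exchange != IKE_SESSION_RESUME:
        return ["not an IKE_SESSION_RESUME message"]
    is_response = bool(flags & FLAG_RESPONSE)
    has_initiator = bool(flags & FLAG_INITIATOR)
    problems = []
    if not is_response and not has_initiator:
        problems.append("request without Initiator flag")
    if is_response and has_initiator:
        problems.append("response with Initiator flag")
    return problems


# Constructed sample messages (SPIs are arbitrary illustrative values).
SPI_CLIENT = bytes.fromhex("0102030405060708")
SPI_GATEWAY = bytes.fromhex("1112131415161718")
# Step 3 of the scenario: client sends the resume request with I set.
CLIENT_REQUEST = build_header(SPI_CLIENT, bytes(8), IKE_SESSION_RESUME, FLAG_INITIATOR)
# Gateway answers with R set and I cleared.
GATEWAY_RESPONSE = build_header(SPI_CLIENT, SPI_GATEWAY, IKE_SESSION_RESUME, FLAG_RESPONSE)
# Client carries over its role from the gateway-initiated rekey: I cleared.
ROLE_CARRIED_OVER = build_header(SPI_CLIENT, bytes(8), IKE_SESSION_RESUME, 0)

if __name__ == "__main__":
    for name in ("CLIENT_REQUEST", "GATEWAY_RESPONSE", "ROLE_CARRIED_OVER"):
        print(name, check_resume_flags(globals()[name]) or "ok")
```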