Hi Paul,

> Valery: I like it. You outlined that <missed it>. Is it necessary for
> security?
>
> Scott: No, but I put it in there because <missed it>.
>
> I believe this was about sending KE payloads for each exchange? And Scott left
> it in because it kept the existing code/protocol intact?

No, I asked why each new KE in IKE_AUX incorporates its own nonce, instead of re-using nonces from IKE_SA_INIT. I have no problem with this if it is needed for security, my question was driven by curiosity.

Regards,
Valery

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
