Valery Smyslov writes:
> No, I asked why each new KE in IKE_AUX incorporates its own nonce, instead
> of re-using nonces from IKE_SA_INIT. I have no problem with this if it is
> needed for security, my question was driven by curiosity.
I.e., so this would be (more?) correct:
----------------------------------------------------------------------
Valery: I like it. You outlined that you send Nonce payload for each
KE exchange, and not reuse one from IKE_SA_INIT. Is it
necessary for security?
Scott: No, but I put it in there because it kept the existing
code/protocol intact.
--
[email protected]