> -----Original Message-----
> From: IPsec <[email protected]> On Behalf Of Tero Kivinen
> Sent: Thursday, July 19, 2018 11:23 AM
> To: Valery Smyslov <[email protected]>
> Cc: [email protected]; 'Paul Wouters' <[email protected]>
> Subject: Re: [IPsec] IPsecME@IETF102 Montreal meeting minutes
>
> Valery Smyslov writes:
> > No, I asked why each new KE in IKE_AUX incorporates its own nonce,
> > instead of re-using nonces from IKE_SA_INIT. I have no problem with
> > this if it is needed for security, my question was driven by
> > curiosity.
>
> I.e., so this would be (more?) correct:
> ----------------------------------------------------------------------
> Valery: I like it. You outlined that you send Nonce payload for each
>         KE exchange, and not reuse one from IKE_SA_INIT. Is it
>         necessary for security?
>
> Scott: No, but I put it in there because it kept the existing
>        code/protocol intact.

Yes; not the wording I used, but that's what I meant.
