On 26 February 2015 at 16:08, Paul Wouters <[email protected]> wrote: > On Thu, 26 Feb 2015, D. Hugh Redelmeier wrote: > >> Then I read what your parenthetcal remark. Why would you want to >> match ESP with DH? How could they ever match? I'm pretty sure that >> I'm missing something.
> > I think he means an ESP proposal protected by PFS (eg an additioal DH > with KE) in the CREATE_CHIKD_SA ? Yes. Match an ESP proposal that includes [with] a DH transform. In ikev2_spdb_struct.c both parent (IKE) and child (ESP,?H) have redundant code, and no need to be dealing with v1 structures. > similar to ikev1, where a modp on the ike line meant for Main Mode, and > an modp on the esp line meant for additional Quick Mode's. > > Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
