On Thursday 18 October 2012 03:12 PM, Martin Willi wrote: >> I have also expressed the concern to do similar provisioning for >> esp= param as well. Can the check be extended for PROTO_ESP too ? > There is no PRF involved in ESP SAs, nor is a dedicated PRF used in > CHILD_SA establishment. Hence I see no reason what we could configure > there.
Correct. I could infer it now as in RFC 4306 Sec 3.3 (and 2.10) that, prf algorithm is chosen only in IKE exchange (not in CHILD SA). Thanks, Gowri Shankar > Regards > Martin > > > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
