ipsec November 2007 archive

RE: [IPsec] CHILD_SA and PFS

From: <Pasi.Eronen_at_nospam>
Date: Mon Nov 19 2007 - 07:52:18 GMT
To: <cnguyen@certicom.com>, <ipsec@ietf.org>

If the initial handshakes have completed, the peers have at least one Diffie-Hellman group they both support and consider acceptable. Although in theory you could consider group X acceptable only for "phase 1" but not "phase 2", this sounds like a somewhat weird policy to me.

About the "PFS mode": if the exchange initiator proposes a DH group in a CREATE_CHILD_SA exchange, I'd usually expect the responder to accept it (if the group is generally acceptable), even if the responder doesn't care about PFS. If the initiator doesn't propose a DH group, and the responder cares about PFS, the responder can always initiate rekeying itself.

Best regards,

> -----Original Message-----
> From: ext Chinh Nguyen [mailto:cnguyen@certicom.com]
> Sent: 16 November, 2007 18:14
> To: ipsec@ietf.org
> Subject: [IPsec] CHILD_SA and PFS
>
> As stated in RFC4718, we do not include a DH group in the first
> CHILD_SA's proposals, due to the fact that no KE payloads are
> exchanged. This leaves the situation that any mismatch in the "PFS"
> mode of the peers (on/off) or DH group will not be known until the
> ipsec SA rekeys. At which time, presumably a NO PROPOSAL CHOSEN
> will be sent back.
>
> However, from a VPN user's perspective, it's not clear which is the
> more palatable scenario: failure to login (assuming we send the DH
> group in SAi2) or failure to maintain a VPN session (ipsec rekey
> fails).

> Chinh
> --
> http://www.certicom.com

IPsec mailing list
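A small Python model of the responder's CHILD_SA proposal selection, added here as an example for this thread (not code from either poster or from any IKE implementation); the transform names, the policy dict layout and the `strict_pfs` switch are assumptions of the example. It shows the mismatch the question describes surfacing only at the first rekey, and the reply's two suggestions: accept an acceptable DH group even when PFS is not locally required, and let a responder that wants PFS start its own rekey instead of failing the initiator's.

```python
# Added example (not from the thread): responder-side IKEv2 CHILD_SA proposal
# selection, reduced to ENCR/INTEG/DH transforms plus a local "PFS mode".
# Transform names, the policy layout and strict_pfs are this example's assumptions.

NO_PROPOSAL_CHOSEN = "NO_PROPOSAL_CHOSEN"

def select_proposal(initiator_proposals, policy, rekey, strict_pfs=False):
    """Return the chosen transforms for one SA payload, or NO_PROPOSAL_CHOSEN.

    initiator_proposals: list of {"ENCR": [...], "INTEG": [...], "DH": [...]}
    policy: the responder's acceptable values in the same shape, plus
            "pfs": True/False (the "PFS mode" discussed in the thread).
    rekey:  False for the first CHILD_SA carried in IKE_AUTH, where no KE
            payload is exchanged and the DH transform is not negotiated at
            all (RFC 4718); True for a CREATE_CHILD_SA rekey.
    strict_pfs: True makes a pfs=True responder reject a rekey that offers
            no DH group; False follows the reply's suggestion: accept it and
            let the responder initiate its own PFS rekey (see rekey_needed).
    """
    for prop in initiator_proposals:
        chosen = {}
        for ttype in ("ENCR", "INTEG"):
            common = [v for v in prop.get(ttype, []) if v in policy[ttype]]
            if not common:
                break                              # this proposal is unusable
            chosen[ttype] = common[0]
        else:
            if not rekey:
                return chosen                      # DH is never looked at here
            offered = prop.get("DH", [])
            common = [g for g in offered if g in policy["DH"]]
            if offered and not common:
                continue                           # DH group mismatch, try next
            if not offered and policy["pfs"] and strict_pfs:
                continue                           # strict responder: no PFS, no SA
            if common:
                chosen["DH"] = common[0]           # accept PFS even if pfs=False
            return chosen
    return NO_PROPOSAL_CHOSEN

def rekey_needed(chosen, policy):
    """True when the responder wants PFS but the SA it just accepted has no
    DH group, i.e. it should now initiate a CREATE_CHILD_SA with one itself."""
    return chosen != NO_PROPOSAL_CHOSEN and policy["pfs"] and "DH" not in chosen
```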