[strongSwan-dev] Does IKE_SA Rekeying leads to Rekeying of Child SAs also?

samiran saha samiran.linux at gmail.com
Mon Apr 27 13:25:26 CEST 2015


Hello,

I have a confusion regarding the rekeying procedure of the IKE_SA in IKEv2. My
confusion is whether, when rekeying of the IKE_SA is done, the keys of its
respective CHILD_SAs, i.e. ESP or AH SAs, would be changed or not. As per RFC 7296,
in the rekeying procedure of the IKE_SA a new SKEYSEED would be generated and then a
new set of

          {SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr} =
                          prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr)

i.e. a new SK_d is generated. So, would this new SK_d be reflected in the ongoing
CHILD_SAs' keys or not?

Please comment on this. A quick response would be really helpful.
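
The derivations the question refers to, as an added example that is not part of the original post and is not strongSwan code: RFC 7296 computes a CHILD_SA's KEYMAT once, at creation, from the SK_d current at that time (section 2.17), and a rekeyed IKE_SA inherits existing CHILD_SAs without recomputing their keys (sections 2.8 and 2.18). Assumptions: HMAC-SHA256 as the PRF, 32-byte SK_* keys, no PFS on the CHILD_SA, and constructed nonces, DH secrets and SPIs.

```python
import hashlib
import hmac

KEYLEN = 32  # assumption: every SK_* key is 32 bytes (real lengths follow the negotiated algorithms)
NAMES = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")

def prf(key, data):
    # Assumption: the negotiated PRF is HMAC-SHA256.
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key, seed, length):
    # RFC 7296 section 2.13: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]

def ike_keys(skeyseed, ni, nr, spi_i, spi_r):
    # {SK_d | SK_ai | ... | SK_pr} = prf+(SKEYSEED, Ni | Nr | SPIi | SPIr)
    stream = prf_plus(skeyseed, ni + nr + spi_i + spi_r, KEYLEN * len(NAMES))
    return {n: stream[i * KEYLEN:(i + 1) * KEYLEN] for i, n in enumerate(NAMES)}

def rekeyed_skeyseed(old_sk_d, new_dh_secret, ni, nr):
    # Section 2.18: SKEYSEED = prf(SK_d (old), g^ir (new) | Ni | Nr)
    return prf(old_sk_d, new_dh_secret + ni + nr)

def child_keymat(sk_d, ni, nr, length=64):
    # Section 2.17 (no PFS): KEYMAT = prf+(SK_d, Ni | Nr), evaluated at CHILD_SA creation
    return prf_plus(sk_d, ni + nr, length)

def demo():
    c = lambda tag: hashlib.sha256(tag).digest()  # constructed sample values
    old = ike_keys(prf(c(b"Ni1") + c(b"Nr1"), c(b"dh1")),
                   c(b"Ni1"), c(b"Nr1"), b"\x01" * 8, b"\x02" * 8)
    installed = child_keymat(old["SK_d"], c(b"Ni1"), c(b"Nr1"))  # existing ESP/AH SA
    new = ike_keys(rekeyed_skeyseed(old["SK_d"], c(b"dh2"), c(b"Ni2"), c(b"Nr2")),
                   c(b"Ni2"), c(b"Nr2"), b"\x03" * 8, b"\x04" * 8)
    # Nothing above touched `installed`; only a CHILD_SA negotiated (or rekeyed)
    # under the new IKE_SA takes its KEYMAT from the new SK_d.
    later = child_keymat(new["SK_d"], c(b"Ni3"), c(b"Nr3"))
    return old, new, installed, later

if __name__ == "__main__":
    old, new, installed, later = demo()
    print("SK_d changed by IKE_SA rekey:", old["SK_d"] != new["SK_d"])
    print("existing CHILD_SA KEYMAT:", installed.hex()[:32], "...")
    print("KEYMAT of a CHILD_SA created after rekey:", later.hex()[:32], "...")
```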