[strongSwan] When is DH re-negotiated ?

[Graham Hudspith]

Martin,

Thanks for the reply. Couple of follow-ons ...


On 24 March 2011 12:15, Martin Willi <martin at strongswan.org> wrote:

> > Here, for our initiators, we give this choice to the SeGW by
> > specifying that we accept either (e.g. "aes-sha1-modp1024,aes-sha1!").
>
> > My understanding is that by specifying the above, we are leaving it up
> > to the SeGW to choose whether to always re-negotiate the DH when the
> > CHILD_SA is rekeyed (by sending back to us "aes-sha1-modp1024") or to
> > never re-negotiate the DH when the CHILD_SA is rekeyed (by sending
> > back to us "aes-sha1").
>
> As long as the rekeying is always initiated by the SeGW, your
> understanding is correct.
>
>
In this case, I believe that it is always us (the client) that initiates
rekeying. So, by proposing "aes-sha1-modp1024,aes-sha1!", you could say that
we are giving the SeGW a choice of whether it wants us to perform a DH or
non-DH CHILD_SA rekey ?


> So, if the former, does this mean that a new DH is re-negotiated
> > everytime we rekey the CHILD_SA AND a new DH is re-negotiated
> > everytime we rekey the IKE_SA ?
>
> > If the latter, does this mean that a new DH is re-negotiated ONLY when
> > we rekey the IKE_SA ?
>
> > Finally, if the latter, can the SeGW vary when the DH is re-negotiated
> > (i.e. re-negotiate the DH every THIRD time the CHILD_SA is rekeyed) ?
>
> Yes, yes. And yes ;-).


So, if we propose "aes-sha1-modp1024,aes-sha1!" and the SeGW returns
"aes-sha1" and it is up to us whether or not we actually perform a DH or
non-DH CHILD_SA rekey, it would probably be rude for us to attempt a DH
CHILD_SA rekey when the SeGW has indicated a preference for a non-DH one ?
:-)

Regards,

Graham.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110324/c68a219c/attachment.html>