
Re: Photuris questions




   > From: Hilarie Orman <ho@cs.arizona.edu>
   > No, not really.  The initiator must indicate it supports at least one
   > hash method, and the responder is free to choose this with AH as its
   > corresponding security association, without being aware that the
   > initiator expects, desires, frantically demands ESP in return.
   >
   How can it frantically "demand" ESP when the peer doesn't support it?

What about the case where each host supports ESP, but only wants to
use it some of the time, for *some* of the SA's between each host?

I can see cases where:
	a) the initiator wants to use ESP, and wants the responder to
	   use ESP,
		(client initiates connection to server and wants encryption)

	b) the responder wants to use ESP, and wants the initiator to
	   use ESP.
		(the connection above is sitting idle;
		 the SA's have all expired; the server
		 generates some output, and needs to
		 reestablish the SA with the client)

	a) the initiator would prefer to avoid using ESP, and the
	   responder doesn't care
	b) the responder would prefer to avoid using ESP, and the
	   initiator doesn't care.

					- Bill
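A small Python model of the negotiation gap Bill raises, added here as an illustration (it is not Photuris and not anyone's implementation): the initiator can only advertise what it supports, so a responder that prefers AH may legitimately pick AH from the offered hash methods, and the initiator discovers the mismatch only when it checks the chosen SA. The `esp_required` flag and the attribute names `HASH_A`/`CIPHER_A` are hypothetical placeholders.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Policy(Enum):
    REQUIRE_ESP = "require ESP"   # wants encryption on this SA
    PREFER_AH = "prefer AH"       # would rather avoid ESP, accepts it anyway
    DONT_CARE = "don't care"

@dataclass(frozen=True)
class Proposal:
    hash_methods: tuple           # initiator must offer at least one
    ciphers: tuple = ()           # empty: ESP not offered at all
    esp_required: bool = False    # hypothetical flag, not a Photuris field

@dataclass(frozen=True)
class SA:
    protocol: str                 # "AH" or "ESP"
    hash_method: str
    cipher: Optional[str] = None

def responder_choose(p: Proposal, responder: Policy) -> Optional[SA]:
    """Responder picks one SA from what was offered, or refuses (None)."""
    if not p.hash_methods:
        return None               # malformed: no hash method at all
    if responder == Policy.REQUIRE_ESP and not p.ciphers:
        return None               # responder insists on ESP, none offered
    use_esp = bool(p.ciphers) and (
        p.esp_required or responder != Policy.PREFER_AH)
    h = p.hash_methods[0]
    return SA("ESP", h, p.ciphers[0]) if use_esp else SA("AH", h)

def initiator_accepts(sa: Optional[SA], initiator: Policy) -> bool:
    """Initiator checks the chosen SA; only a hard requirement rejects."""
    if sa is None:
        return False
    return initiator != Policy.REQUIRE_ESP or sa.protocol == "ESP"

def negotiate(initiator: Policy, responder: Policy, signal: bool) -> str:
    """One exchange; 'signal' says whether the hypothetical flag is carried.
    HASH_A / CIPHER_A are constructed placeholder attribute names."""
    wants_esp = initiator == Policy.REQUIRE_ESP
    p = Proposal(("HASH_A",),
                 () if initiator == Policy.PREFER_AH else ("CIPHER_A",),
                 esp_required=signal and wants_esp)
    sa = responder_choose(p, responder)
    return sa.protocol if initiator_accepts(sa, initiator) else "rejected"
```

Without the flag, an initiator that requires ESP against a responder that prefers AH ends up rejecting the SA after the exchange; with it, the responder can honour the requirement up front.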





