
Re: Photuris questions



In message <199509160143.AA36361@interlock.ans.net>, Hilarie Orman writes:
>The initiator cannot indicate that it is willing to use MD5 or SHA for
>the key hash but will only use SHA for the security association.
>Is this a deliberate design decision?
>
There is also another problem: since a K-transform HAS to be in the
list of transforms sent in the COOKIE_RESPONSE/KEY_REQUEST packets, the
remote can't distinguish mere inclusion of it as a K-transform from a request
to use authentication. So it'll always try to use authentication (when the
algorithms are supported, of course).
-Angelos

