[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Extended authentication with ISAKMP/Oakley draft

To: rpereira@TimeStep.com
Subject: RE: Extended authentication with ISAKMP/Oakley draft
From: Hugo Krawczyk <hugo@ee.technion.ac.il>
Date: Sun, 14 Dec 1997 12:59:31 +0200 (IST)
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

Roy, I haven't read your draft (yet).
I agree with placing the SecureID and alike mechanisms
together with the Phase1 authentication.
Just one comment on your remark about using aggressive mode:

> The only reason that MainMode was chosen was because it encrypts the
> authentication exchange.  If you don't mind sending user names and
> passcodes in the clear, then you may use Aggressive Mode.  But I don't
> think people should do that.

Notice that one advantage of the public key encryption mode of
authentication is that it allows to encrypt the above information 
also in Aggressive Mode.

Hugo

Prev by Date: Re: Re[2]: IPSEC document reading party!
Next by Date: RE: Extended authentication with ISAKMP/Oakley draft
Prev by thread: RE: Extended authentication with ISAKMP/Oakley draft
Next by thread: RE: Extended authentication with ISAKMP/Oakley draft
Index(es):
- Main
- Thread