
Re: Hybrid Authentication and Remote Access



Moshe Litvin writes:
> I don't think that the 6 messages of main mode are carved in rock and
> I don't see why it should be. Also note that normally the hybrid mode
> takes also exactly 6 messages.

It doesn't matter if it takes 6 packets normally, if it can take more.
I still have to write code for that special case, and test it, and it
doesn't help me a bit that it quite often takes only 6 packets. 

> More fundamental to IKE is the idea that the authentication mode is
> negotiable.

Yes, but if you are only offering the hybrid mode, then the only thing
you can really negotiate is whether the other end supports this method
or not. You can get the same feedback by trying to use a new exchange
method (==notification back).

If you can suggest several authentication methods, why select this one
with so many problems (the re-keying problem)?
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

