
RE: IKE draft - draft-ietf-ipsec-isakmp-oakley-08.txt



Dan,
 
> Let me also note that the issue raised here is, in fact, mentioned
> in draft-ietf-ipsec-isakmp-oakley-08.txt (in section 5.4). Characterizing
> this as a recently uncovered flaw implies that the author either has not
> fully read the draft or is intentionally mischaracterizing the issue for
> dramatic effect.

As you pointed out, the issue was discussed a long time ago (Mar 97),
and the answer then was essentially "use aggressive mode". This is not
a mandatory feature, so it is possible to be fully ISAKMP/IPSEC
compliant and yet not be able to support hosts that do not have a
fixed IP address (mobile, or using DHCP). From an interoperability
point of view this seems a bit weak, given that hosts with dynamic
IP addresses are not uncommon. Since this issue has come up
again, I'll make the same suggestion I made before: make support
of aggressive mode mandatory for the pre-shared key case.

Bryan
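The limitation Bryan is describing, shown as an added worked example that is not part of the thread or of any IKE implementation: in Main Mode with pre-shared keys the identity payload only arrives in message 5, already encrypted under SKEYID_e, and SKEYID_e is derived from SKEYID = prf(pre-shared-key, Ni_b | Nr_b). The responder therefore has to pick the pre-shared key before it can read the identity, and the only handle it has at that point is the initiator's source address. Aggressive Mode carries IDii in the clear in message 1, so the key can be selected by identity. The model below uses a toy Diffie-Hellman group (not an Oakley group), HMAC-SHA1 as the prf, an HMAC-based keystream as a stand-in for the draft's CBC cipher, and constructed identities, keys and addresses.

```python
"""Toy model of IKEv1 Main vs Aggressive Mode with pre-shared keys.
Added example: toy DH group, HMAC keystream as cipher stand-in,
constructed identities/keys/addresses. Not an IKE implementation."""
import hashlib
import hmac
import os

P = 2**127 - 1  # toy DH modulus (a Mersenne prime), NOT an Oakley group
G = 2
SA_B = b"SA:3DES-SHA1-PSK-group2"  # constructed SA payload body


def prf(key, data):
    """HMAC-SHA1, the draft's default prf."""
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid_psk(psk, ni, nr):
    """SKEYID = prf(pre-shared-key, Ni_b | Nr_b)."""
    return prf(psk, ni + nr)


def skeyid_e(skeyid, gxy, cky_i, cky_r):
    """SKEYID_d -> SKEYID_a -> SKEYID_e chain; only SKEYID_e is returned."""
    d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")
    a = prf(skeyid, d + gxy + cky_i + cky_r + b"\x01")
    return prf(skeyid, a + gxy + cky_i + cky_r + b"\x02")


def hash_i(skeyid, gxi, gxr, cky_i, cky_r, sa_b, id_b):
    """HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)."""
    return prf(skeyid, gxi + gxr + cky_i + cky_r + sa_b + id_b)


def xor_stream(key, data):
    """Stand-in for ISAKMP payload encryption (same call decrypts)."""
    ks = b"".join(prf(key, i.to_bytes(4, "big")) for i in range(len(data) // 20 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))


def dh_pair():
    x = int.from_bytes(os.urandom(16), "big") % (P - 2) + 2
    return x, pow(G, x, P).to_bytes(16, "big")


def dh_shared(x, peer_pub):
    return pow(int.from_bytes(peer_pub, "big"), x, P).to_bytes(16, "big")


class Responder:
    """Gateway: PSKs keyed by peer identity, plus the address->identity map
    that Main Mode forces it to maintain for fixed-address peers."""
    def __init__(self, psk_by_id, id_by_addr):
        self.psk_by_id, self.id_by_addr = psk_by_id, id_by_addr

    def psk_for_address(self, addr):
        ident = self.id_by_addr.get(addr)
        return self.psk_by_id.get(ident) if ident else None


def main_mode(resp, src_addr, id_i, psk_i):
    """Main Mode messages 1-5 reduced to the key-selection problem."""
    cky_i, cky_r = os.urandom(8), os.urandom(8)       # msgs 1,2: SA + cookies
    (xi, gxi), (xr, gxr) = dh_pair(), dh_pair()       # msgs 3,4: KE + nonces
    ni, nr = os.urandom(16), os.urandom(16)
    # Initiator builds msg 5 = {IDii, HASH_I} encrypted under SKEYID_e.
    sk_i = skeyid_psk(psk_i, ni, nr)
    ske_i = skeyid_e(sk_i, dh_shared(xi, gxr), cky_i, cky_r)
    msg5 = xor_stream(ske_i, id_i + b"|" + hash_i(sk_i, gxi, gxr, cky_i, cky_r, SA_B, id_i))
    # Responder: before decrypting msg 5 the only peer identifier it has is
    # the source address, so the PSK must be chosen from that.
    psk_r = resp.psk_for_address(src_addr)
    if psk_r is None:
        return ("fail", f"no pre-shared key for address {src_addr}; cannot derive SKEYID_e")
    sk_r = skeyid_psk(psk_r, ni, nr)
    ske_r = skeyid_e(sk_r, dh_shared(xr, gxi), cky_i, cky_r)
    id_b, _, h = xor_stream(ske_r, msg5).partition(b"|")
    if not hmac.compare_digest(h, hash_i(sk_r, gxi, gxr, cky_i, cky_r, SA_B, id_b)):
        return ("fail", "HASH_I mismatch")
    return ("ok", id_b.decode())


def aggressive_mode(resp, src_addr, id_i, psk_i):
    """Aggressive Mode: IDii is in the clear in msg 1, so the responder
    selects the PSK by identity; src_addr is not needed for that."""
    cky_i, (xi, gxi), ni = os.urandom(8), dh_pair(), os.urandom(16)
    msg1 = (SA_B, gxi, ni, id_i)                      # all unencrypted
    psk_r = resp.psk_by_id.get(msg1[3])
    if psk_r is None:
        return ("fail", f"unknown identity {id_i!r}")
    cky_r, (xr, gxr), nr = os.urandom(8), dh_pair(), os.urandom(16)  # msg 2
    h_i = hash_i(skeyid_psk(psk_i, ni, nr), gxi, gxr, cky_i, cky_r, SA_B, id_i)  # msg 3
    if not hmac.compare_digest(h_i, hash_i(skeyid_psk(psk_r, ni, nr), gxi, gxr, cky_i, cky_r, SA_B, id_i)):
        return ("fail", "HASH_I mismatch")
    return ("ok", id_i.decode())


# Constructed gateway configuration: one fixed-address site, one road warrior.
GATEWAY = Responder(
    psk_by_id={b"gw.example.com": b"static-site-key", b"alice@example.com": b"alice-road-key"},
    id_by_addr={"192.0.2.10": b"gw.example.com"},   # only the fixed address can be mapped
)


def demo():
    return {
        "static_main": main_mode(GATEWAY, "192.0.2.10", b"gw.example.com", b"static-site-key"),
        "dhcp_main": main_mode(GATEWAY, "198.51.100.77", b"alice@example.com", b"alice-road-key"),
        "dhcp_aggressive": aggressive_mode(GATEWAY, "198.51.100.77", b"alice@example.com", b"alice-road-key"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Running `demo()` shows the fixed-address peer succeeding in Main Mode, the DHCP peer failing in Main Mode before its identity can even be decrypted, and the same DHCP peer succeeding in Aggressive Mode; a wrong pre-shared key in either mode fails the HASH_I check rather than the lookup.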