
Re: A fix for main mode with preshared keys



If nothing else, the confusion caused by having both the id payload and the 
source ip address as possible ways of determining the identity is a big 
problem, which results in bugs and lack of interoperability.

Francisco


______________________________ Reply Separator _________________________________
Subject: Re: A fix for main mode with preshared keys
Author:  Non-HP-dharkins (dharkins@network-alchemy.com) at HP-ColSprings,mimegw5
Date:    12/13/99 11:00 AM


On Mon, 13 Dec 1999 11:59:25 +0300 you wrote 
> > 
> > What problem? It would help if you could say exactly what you're trying to 
> > solve. It started out as a way to not require keys to be bound to an IP 
> > address. But that problem is solved. So what is it that you're trying to 
> > solve now?
> 
> I think the problem is to not require keys to be bound to an IP address 
> while using Main Mode. Your solution doesn't solve this problem, while 
> Hugo's does. And besides, Hugo's solution makes policy lookup in IKE
> more uniform - you always rely only on ID payload content regardless of 
> IKE's mode of operation.
     
That's not a problem, that's a feature request. What is the problem that 
not binding a pre-shared key to an IP address in Main Mode would solve? 
Would Base Mode with ID_KEY_ID-based pre-shared keys not solve that problem 
as well? Would RSA (or El-Gamal) encrypted nonces not solve that problem 
as well? 
     
  Dan.


