[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MM with signatures and dynamic IP addresses?

To: ipsec-list <ipsec@lists.tislabs.com>
Subject: MM with signatures and dynamic IP addresses?
From: Ari Huttunen <Ari.Huttunen@F-Secure.com>
Date: Tue, 21 Dec 1999 13:25:56 +0200
Organization: F-Secure Oyj
Sender: owner-ipsec@lists.tislabs.com

What is the responder supposed to do in the following scenario:
 Main mode with signature authentication is being used and the 
 initiator chooses the IP address dynamically.

Now, the responder needs to determine the security policy that is 
used to select the SAs from those proposed by the initiator.
Unfortunately at this point the responder has no idea who the
initiator is..

I can think of a few possible solutions: 1) the initiator
only sends one choice so the responder cannot make a mistake,
2) the responder tries to guess the strongest proposed SAs,
3) use aggressive mode. 

Comments?

-- 
Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452

F-Secure Corporation       http://www.F-Secure.com 

F-Secure products: Integrated Solutions for Enterprise Security

Follow-Ups:

Re: MM with signatures and dynamic IP addresses?

From: francisco_corella@hp.com

Prev by Date: tell me something about the frees/wan
Next by Date: Re: signture mode and non-repudiation
Prev by thread: Dest addr. in tunnel mode
Next by thread: Re: MM with signatures and dynamic IP addresses?
Index(es):
- Main
- Thread