[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
MM with signatures and dynamic IP addresses?
What is the responder supposed to do in the following scenario:
Main mode with signature authentication is being used and the
initiator chooses the IP address dynamically.
Now, the responder needs to determine the security policy that is
used to select the SAs from those proposed by the initiator.
Unfortunately at this point the responder has no idea who the
initiator is..
I can think of a few possible solutions: 1) the initiator
only sends one choice so the responder cannot make a mistake,
2) the responder tries to guess the strongest proposed SAs,
3) use aggressive mode.
Comments?
--
Ari Huttunen phone: +358 9 859 900
Senior Software Engineer fax : +358 9 8599 0452
F-Secure Corporation http://www.F-Secure.com
F-Secure products: Integrated Solutions for Enterprise Security
Follow-Ups: