[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKE Public Key Encryption
> But once I began to apply multiple certificates the point came quite
> clear. If the initiator does not send the HASH, the responder is out
> of luck in decrypting the messages unless all keys are tried... [and
> it's hard to decide whether a try is successful]
> Given this conversation...should it be mandatory?
Only if there is a well-defined convention for what it means in the case
where no certificates are involved, or if the mandatory-ness is only in
the certificate case. One major reason for making things optional is so
they can be omitted when they do not make sense.
Henry Spencer
henry@spsystems.net
Follow-Ups:
References: