[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IKE Public Key Encryption
DH> It's hashed to retain identity protection which is a feature of Main
DH> Mode.
As a general comment on including the hash of the certificate/public key in
the message, this doesn't really provide true identity protection, since an
attacker could generate the same hash.
Wouldn't it be better to use a hash of the certificate plus some session
info (e.g. the cookies), which would at least protect against identity
tracking attacks.
Andrew
--------------------------------------
Beauty with out truth is insubstantial.
Truth without beauty is unbearable.
Follow-Ups: