
RE: Mobile IPv6 - IPsec interaction.



Franck.Le@nokia.com writes:
> Why does using user@fqdn, fixed.domain.name.at.home (fqdn) or distinguished name
> rule out using main mode with pre-shared keys?

If you use main mode and pre-shared keys, you need to know the
pre-shared key based on the ip-address. If the ip-address is random
then there is no way for the gateway to know which pre-shared key to
use to decrypt the identity sent by the other host.

In main mode you need to select the pre-shared key before you can see
the identity of the other end, because you need that pre-shared key to
decrypt the identity the other end sent. 
-- 
kivinen@ssh.fi                               Work : +358 303 9870
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
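
The ordering problem described above, as an added example that is not part of the original message: it follows the RFC 2409 key derivation for pre-shared-key authentication, where the key that encrypts the identity payload is itself derived from the pre-shared key. HMAC-SHA1 as the negotiated prf, the addresses, the identity, the keys and the random bytes standing in for the Diffie-Hellman secret are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

def prf(key, data):
    # Assumption: HMAC-SHA1 is the negotiated prf.
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    """RFC 2409 section 5 derivation when authenticating with a pre-shared key."""
    skeyid = prf(psk, ni + nr)                      # depends on the PSK
    tail = gxy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    return prf(skeyid, skeyid_a + tail + b"\x02")   # protects messages 5 and 6

# Constructed gateway configuration (hypothetical values).
PSK_BY_ADDRESS = {"192.0.2.10": b"psk-for-fixed-peer"}
# Keyed by identity: unusable in main mode, because the ID payload
# arrives in message 5, already encrypted under SKEYID_e.
PSK_BY_IDENTITY = {"user@host.example": b"psk-for-mobile-node"}

def responder_key(src_ip, ni, nr, gxy, cky_i, cky_r):
    """After messages 1-4 the gateway knows only the peer's source address."""
    psk = PSK_BY_ADDRESS.get(src_ip)
    if psk is None:
        return None                                 # no key, cannot read the ID
    return skeyid_e(psk, ni, nr, gxy, cky_i, cky_r)

def gateway_can_decrypt_id(src_ip, initiator_psk):
    """Run one constructed exchange; True if both ends derive the same SKEYID_e."""
    ni, nr = os.urandom(16), os.urandom(16)         # nonces from messages 3 and 4
    gxy = os.urandom(128)                           # stand-in for the DH shared secret
    cky_i, cky_r = os.urandom(8), os.urandom(8)     # ISAKMP cookies
    initiator = skeyid_e(initiator_psk, ni, nr, gxy, cky_i, cky_r)
    responder = responder_key(src_ip, ni, nr, gxy, cky_i, cky_r)
    return responder is not None and hmac.compare_digest(initiator, responder)

if __name__ == "__main__":
    print("fixed address peer:",
          gateway_can_decrypt_id("192.0.2.10", b"psk-for-fixed-peer"))
    print("roaming peer:",
          gateway_can_decrypt_id("198.51.100.77",
                                 PSK_BY_IDENTITY["user@host.example"]))
```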

