RE: Mobile IPv6 - IPsec interaction.
Franck.Le@nokia.com writes:
> Why does using user@fqdn, fixed.domain.name.at.home (fqdn) or distinguished name
> rule out using main mode with pre-shared keys?
If you use main mode and pre-shared keys, you need to know the
pre-shared key based on the ip-address. If the ip-address is random
then there is no way for the gateway to know which pre-shared key to
use to decrypt the identity sent by the other host.

In main mode you need to select the pre-shared key before you can see
the identity of the other end, because you need that pre-shared key to
decrypt the identity the other end sent.
--
kivinen@ssh.fi Work : +358 303 9870
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
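
The key-selection problem described in the message above, as an added example that is not part of the original post. The key derivation follows RFC 2409 for pre-shared key authentication; the peer addresses, identities, keys, exchange values and the XOR keystream standing in for the negotiated cipher are constructed assumptions.

```python
import hashlib
import hmac

def prf(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    # RFC 2409: SKEYID = prf(pre-shared-key, Ni_b | Nr_b), then SKEYID_d/_a/_e.
    skeyid = prf(psk, ni + nr)
    tail = gxy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")
    a = prf(skeyid, d + tail + b"\x01")
    return prf(skeyid, a + tail + b"\x02")

def toy_cipher(key, data):
    # Stand-in for the negotiated cipher (assumption): XOR with an HMAC keystream.
    stream = b"".join(prf(key, bytes([i])) for i in range(len(data) // 20 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def initiator_message5(psk, identity, exchange):
    # The identity payload is sent encrypted under keys derived from the PSK.
    return toy_cipher(skeyid_e(psk, *exchange), b"ID:" + identity.encode())

def responder_read_id(psk_by_ip, peer_ip, enc_id, exchange):
    # The source address is the only selector visible before decryption.
    psk = psk_by_ip.get(peer_ip)
    if psk is None:
        return None  # no key can be chosen, so the identity stays unreadable
    plain = toy_cipher(skeyid_e(psk, *exchange), enc_id)
    return plain[3:].decode() if plain.startswith(b"ID:") else None

def demo():
    # Constructed sample data: one peer at a fixed address, one mobile peer.
    psk_by_ip = {"192.0.2.10": b"psk-fixed-peer"}
    exchange = (b"N" * 16, b"R" * 16, b"G" * 128, b"I" * 8, b"C" * 8)
    fixed = initiator_message5(b"psk-fixed-peer", "gw.example.org", exchange)
    mobile = initiator_message5(b"psk-mobile", "user@example.org", exchange)
    return (
        responder_read_id(psk_by_ip, "192.0.2.10", fixed, exchange),
        # Mobile peer arrives from an address the gateway has no entry for.
        responder_read_id(psk_by_ip, "198.51.100.77", mobile, exchange),
        # Trying another peer's key yields garbage, not the identity.
        responder_read_id(psk_by_ip, "192.0.2.10", mobile, exchange),
    )

if __name__ == "__main__":
    print(demo())
```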