RE: ipsec error protocol
> If you don't remember the authenticated identity, sessions will be
> vulnerable to hijacking by a different principal at rekey time.
True, although they wouldn't know the keys for any previously created SAs,
so it wouldn't help them much.
Personally, I don't think the memory savings of dangling phase 2s are worth
the disadvantages.
Andrew
-------------------------------------------
Upon closer inspection, I saw that the line
dividing black from white was in fact a shade
of grey. As I drew nearer still, the grey area
grew larger. And then I was enlightened.