[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC Security Gateways & NAT

To: "Chen, David" <dchen@ellacoya.com>
Subject: Re: IPSEC Security Gateways & NAT
From: Dan Harkins <dharkins@lounge.org>
Date: Thu, 14 Jun 2001 11:35:58 -0700
Cc: ipsec@lists.tislabs.com
In-Reply-To: Your message of "Thu, 14 Jun 2001 12:45:39 EDT." <85D31AAF3DFCD4119C44000102C009707DD76A@mail.ellacoya.com>
Sender: owner-ipsec@lists.tislabs.com

  No, the DH secret is generated *before* authentication. Re-read the RFC.

  Dan.

On Thu, 14 Jun 2001 12:45:39 EDT you wrote
> Dan,
> 
> Since the phase 1 goal is to auth DH-key exchange.
> The DH key is generated *after* auth anyway. 
> 
> However,
> the pre-shared key (pass-phrase) authetication cost less (and stateless) 
> for responder to verify than "public key" authentication.
> 
> Regards,
> 
> --- David

References:

RE: IPSEC Security Gateways & NAT

From: "Chen, David" <dchen@ellacoya.com>

Prev by Date: RE: IPSEC Security Gateways & NAT
Next by Date: RE: IPSEC Security Gateways & NAT
Prev by thread: RE: IPSEC Security Gateways & NAT
Next by thread: RE: IPSEC Security Gateways & NAT
Index(es):
- Main
- Thread