[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC Security Gateways & NAT
No, the DH secret is generated *before* authentication. Re-read the RFC.
Dan.
On Thu, 14 Jun 2001 12:45:39 EDT you wrote
> Dan,
>
> Since the phase 1 goal is to auth DH-key exchange.
> The DH key is generated *after* auth anyway.
>
> However,
> the pre-shared key (pass-phrase) authetication cost less (and stateless)
> for responder to verify than "public key" authentication.
>
> Regards,
>
> --- David
References: