[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC Security Gateways & NAT

To: Ari Huttunen <Ari.Huttunen@F-Secure.com>
Subject: Re: IPSEC Security Gateways & NAT
From: Bill Sommerfeld <sommerfeld@East.Sun.COM>
Date: Mon, 25 Jun 2001 13:19:57 -0400
cc: Dan Harkins <dharkins@lounge.org>, jshukla <jshukla@earthlink.net>, ipsec@lists.tislabs.com
In-reply-to: Your message of "Mon, 25 Jun 2001 18:14:54 +0300." <3B37556E.9B53C800@F-Secure.com>
Reply-to: sommerfeld@East.Sun.COM
Sender: owner-ipsec@lists.tislabs.com

> Is anyone still interested in Base Mode? It would be possible to create
> a Base Mode where reception of the first message is stateless to the Responder,
> by sending the state back in msg2 encrypted with some locally known symmetric
> key, and verified upon reception in msg3. This modified Base Mode
> could then be used to replace Aggressive Mode. The rationale for changing
> Base Mode would be that nobody's yet really using it (?), and that it's cool :).
> There's a paper by Pekka Nikander explaining the theory of making protocols
> stateless, forget where that is though.

I'd be very interested in seeing a mode which is initially stateless
for the responder; it's a key bit of technology from photuris which
was never carried forward to IKE.

					- Bill

References:

Re: IPSEC Security Gateways & NAT

From: Ari Huttunen <Ari.Huttunen@F-Secure.com>

Prev by Date: Re: IPSEC Security Gateways & NAT
Next by Date: RE: IPSEC Security Gateways & NAT
Prev by thread: Re: IPSEC Security Gateways & NAT
Next by thread: RE: IPSEC Security Gateways & NAT
Index(es):
- Main
- Thread