
RE: what 's the use of ID payloads in Main mode of preshared key?



For an explanation of why:  In Main Mode, the pre-shared key must be used
before you have even received the peer's ID payload.  In Aggressive mode
they are not necessarily redundant.
-dave

-----Original Message-----
From: Andrew Krywaniuk [mailto:andrew.krywaniuk@alcatel.com]
Sent: Sunday, October 21, 2001 4:40 PM
To: 'Derek Atkins'; sleepy-cat@263.net
Cc: ipsec@lists.tislabs.com
Subject: RE: what 's the use of ID payloads in Main mode of preshared
key?


Actually, the poster asked specifically about main mode with preshared keys.
The identities are indeed redundant in this case.

Andrew
-------------------------------------------
Upon closer inspection, I saw that the line
dividing black from white was in fact a shade
of grey. As I drew nearer still, the grey area
grew larger. And then I was enlightened.


> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Derek Atkins
> Sent: Sunday, October 21, 2001 8:54 AM
> To: sleepy-cat@263.net
> Cc: ipsec@lists.tislabs.com
> Subject: Re: what 's the use of ID payloads in Main mode of preshared
> key?
>
>
> dxh <sleepy-cat@263.net> writes:
>
> > Are they used to authenticate? I see no need.
>
> Yes, they are used for authentication.  How else are the endpoints
> supposed to identify each other?  Just using the IP address is
> insufficient, because you may have a host that has a dynamic address
> (e.g. a road warrior connection).
>
> -derek
>
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
>
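
Added example, not part of the original thread: a sketch of the RFC 2409 pre-shared-key derivation, showing that the responder has to pick a key from the peer's source address before it can decrypt the Main Mode message that carries the ID payload. It assumes HMAC-SHA1 as the negotiated prf; the key table, addresses, nonces, cookies and DH secret are constructed sample values, and `responder_key` / `initiator_key` are hypothetical helper names.

```python
import hmac
import hashlib

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated prf is HMAC-SHA1.
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    """RFC 2409 section 5 derivation for pre-shared key authentication."""
    skeyid = prf(psk, ni + nr)                  # SKEYID = prf(psk, Ni_b | Nr_b)
    tail = gxy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    # SKEYID_e protects messages 5 and 6, which carry IDii and IDir.
    return prf(skeyid, skeyid_a + tail + b"\x02")

# Constructed sample values (documentation address ranges, dummy secrets).
PSK_BY_PEER_IP = {
    "192.0.2.10": b"site-a-secret",
    "192.0.2.20": b"site-b-secret",
}
NI, NR = bytes(range(16)), bytes(range(16, 32))   # nonces from messages 3 and 4
GXY = b"\x42" * 96                                # stand-in for the DH shared secret
CKY_I, CKY_R = b"I" * 8, b"R" * 8                 # ISAKMP cookies

def responder_key(peer_ip: str):
    """Key the responder needs BEFORE it can read the encrypted ID payload."""
    psk = PSK_BY_PEER_IP.get(peer_ip)   # only the source address is known here
    if psk is None:
        return None                     # unknown address: no key can be chosen
    return skeyid_e(psk, NI, NR, GXY, CKY_I, CKY_R)

def initiator_key(psk: bytes) -> bytes:
    return skeyid_e(psk, NI, NR, GXY, CKY_I, CKY_R)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7"):
        k = responder_key(ip)
        ok = k is not None and k == initiator_key(b"site-a-secret")
        print(ip, "can decrypt the ID payload" if ok else "cannot decrypt the ID payload")
```

The ID in message 5 can only confirm a choice the responder already made from the address, which is the sense in which it is redundant in Main Mode with pre-shared keys.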