[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI: identity protection and DOS
Henry Spencer writes:
> You have not actually established your key underlying assumption, that
> identity protection necessarily involves substantial extra cost.
>
> The proposed IKEv2, if I've read the spec correctly, establishes both
> an ISAKMP SA and a set of IPsec SAs, *with* full identity protection,
> in 2 round trips. It is difficult to imagine improving on that.
>
> (IKE needs 2.5 round trips *without* identity protection.)
Fine, then IKEv2 meets my proposed requirement. That
doesn't negate the requirement, or the reason to have it.
We are still talking about requirements, right?
Mike
Follow-Ups:
References: