[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI: identity protection and DOS



Henry Spencer writes:
 > You have not actually established your key underlying assumption, that
 > identity protection necessarily involves substantial extra cost.
 > 
 > The proposed IKEv2, if I've read the spec correctly, establishes both
 > an ISAKMP SA and a set of IPsec SAs, *with* full identity protection,
 > in 2 round trips.  It is difficult to imagine improving on that.
 > 
 > (IKE needs 2.5 round trips *without* identity protection.)

   Fine, then IKEv2 meets my proposed requirement. That
   doesn't negate the requirement, or the reason to have it.
   We are still talking about requirements, right? 

	  Mike


Follow-Ups: References: