[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-ietf-ipsec-ikev2-01.txt
Dan:
I've got a question on the use of shared secrets to authenticate
messages in the Phase I exchange in ikev2-01. I assume that shared
secrets are linked to the peers' identities. The initiator authenticates
before it has learned the responder's identity. So, if it authenticates
using a shared secret, how does it determine what key to use?
Does it assume that the responder's IP address is its identity (as
I believe was done in IKEv1), or do we assume that the initiator has
some other way of learning the responder's identity?
Thanks in advance,
Cathy Meadows