
Re: draft-ietf-ipsec-ikev2-01.txt




>>	From: "Catherine A. Meadows" <meadows@itd.nrl.navy.mil>

>>	I've got a question on the use of shared secrets to authenticate
>>	messages in the Phase I exchange in ikev2-01.  I assume that shared
>>	secrets are linked to the peers' identities. The initiator authenticates
>>	before it has learned the responder's identity.  So, if it authenticates
>>	using a shared secret, how does it determine what key to use?
>>	Does it assume that the responder's IP address is its identity (as
>>	I believe was done in IKEv1), or do we assume that the initiator has
>>	some other way of learning the responder's identity?

No, the responder's identity does not have to be an IP address.
The assumption is that the initiator already knows who she is intending
to talk to. She looked up Bob's address based on
his name "Bob" and mapped it to an IP address. So Alice knows the
shared key she shares with "Bob".

Radia
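The key-selection rule in Radia's reply (the initiator picks the shared secret from the identity she intends to talk to, not from the IP address she resolved it to), as an added illustration that is not part of the thread or of any IKEv2 implementation. It assumes a peer table keyed by name, HMAC-SHA256 as a stand-in for the IKE PRF, and a constructed transcript; the real IKEv2 AUTH computation is not reproduced. The one check added beyond the thread is the obvious defensive one: when the responder's identity finally arrives, it must equal the identity the key was chosen for, otherwise the authentication is rejected before any MAC comparison.

```python
"""Pre-shared-key selection by intended peer identity (added illustration).

Assumptions (not from the thread): PEERS is a constructed table, HMAC-SHA256
stands in for the IKE PRF, and TRANSCRIPT is a constructed stand-in for the
Phase I messages that the AUTH value covers.
"""
import hashlib
import hmac

# Constructed peer table: identity -> (address, PSK). The table is keyed by
# name because the initiator chooses the key from *who* she means to talk to;
# the address is only what she mapped that name to.
PEERS = {
    "Bob":   {"addr": "192.0.2.10", "psk": b"constructed-psk-for-bob"},
    "Carol": {"addr": "192.0.2.20", "psk": b"constructed-psk-for-carol"},
}

# Constructed stand-in for the exchange data that the authenticator covers.
TRANSCRIPT = b"constructed transcript: SAi1|KEi|Ni|SAr1|KEr|Nr"


def select_psk(intended_peer):
    """Initiator side: resolve name -> (address, PSK) before any responder message."""
    entry = PEERS.get(intended_peer)
    if entry is None:
        raise KeyError(f"no shared secret configured for {intended_peer!r}")
    return entry["addr"], entry["psk"]


def auth_tag(psk, transcript):
    """Authenticator over the transcript under a PSK (HMAC-SHA256 as stand-in PRF)."""
    return hmac.new(psk, transcript, hashlib.sha256).digest()


def responder_auth(responder_name, psk, transcript):
    """Responder side: assert an identity and return a tag computed under `psk`.

    `psk` is passed explicitly so the demo can model a peer that claims one
    identity while holding a different secret.
    """
    return responder_name, auth_tag(psk, transcript)


def initiator_verify(intended_peer, asserted_idr, tag, transcript):
    """Accept only if the asserted identity is the one the key was selected for
    and the tag verifies under that key."""
    if asserted_idr != intended_peer:
        # The key in hand was chosen for a different identity; reject without
        # comparing tags so a mismatched binding never "accidentally" passes.
        return False
    _, psk = select_psk(intended_peer)
    return hmac.compare_digest(tag, auth_tag(psk, transcript))


def demo():
    """Run three constructed exchanges and report which ones the initiator accepts."""
    results = {}

    # Alice intends to talk to Bob; the real Bob answers with Bob's key.
    idr, tag = responder_auth("Bob", PEERS["Bob"]["psk"], TRANSCRIPT)
    results["honest_bob"] = initiator_verify("Bob", idr, tag, TRANSCRIPT)

    # Carol answers on the line Alice resolved for Bob and asserts "Carol":
    # rejected on the identity check alone.
    idr, tag = responder_auth("Carol", PEERS["Carol"]["psk"], TRANSCRIPT)
    results["wrong_identity"] = initiator_verify("Bob", idr, tag, TRANSCRIPT)

    # A peer asserts "Bob" but only holds Carol's secret: rejected on the tag.
    idr, tag = responder_auth("Bob", PEERS["Carol"]["psk"], TRANSCRIPT)
    results["wrong_key"] = initiator_verify("Bob", idr, tag, TRANSCRIPT)

    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The point of keying the table by name rather than by address is visible in `select_psk`: the initiator never needs the responder's IP to pick a key, and if two names ever resolve to the same address the lookup still stays unambiguous.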