
RE: draft-ietf-ipsec-ikev2-01.txt



Please give me the link to this draft.

Best regards,
Taka

-----Original Message-----
From: Radia Perlman - Boston Center for Networking
[mailto:Radia.Perlman@sun.com] 
Sent: Friday, March 01, 2002 10:00 AM
To: ipsec@lists.tislabs.com; dharkins@tibernian.com;
meadows@itd.nrl.navy.mil
Cc: meadows@itd.nrl.navy.mil
Subject: Re: draft-ietf-ipsec-ikev2-01.txt



>>	From: "Catherine A. Meadows" <meadows@itd.nrl.navy.mil>

>>	I've got a question on the use of shared secrets to authenticate
>>	messages in the Phase I exchange in ikev2-01.  I assume that shared
>>	secrets are linked to the peers' identities. The initiator authenticates
>>	before it has learned the responder's identity.  So, if it authenticates
>>	using a shared secret, how does it determine what key to use?
>>	Does it assume that the responder's IP address is its identity (as
>>	I believe was done in IKEv1), or do we assume that the initiator has
>>	some other way of learning the responder's identity?

No, the responder's identity does not have to be an IP address. The
assumption is that the initiator already knows who she is intending to talk
to. She looked up Bob's address based on his name "Bob" and mapped it to an
IP address. So Alice knows the shared key she shares with "Bob".

Radia