
Re: [IPSec] : exchange mode - query



In Main Mode, the responder has to use the initiator's source IP address in
the IP header as the identifier to search for the pre-shared secret in the
database. Thus it is not suitable for remote access scenarios.

Q
----- Original Message -----
From: <Lev.Finkel@ecitele.com>
To: <ipsec@lists.tislabs.com>
Cc: <Oleg.Litvak@ecitele.com>
Sent: Tuesday, July 30, 2002 2:22 AM
Subject: [IPSec] : exchange mode - query


> Hi all,
>
> in the security consideration of some Internet drafts (e.g. Diameter) I
> found the statement that "When pre-shared keys are used for authentication,
> IKE Aggressive Mode SHOULD be used, and IKE Main Mode SHOULD NOT be used".
> Can someone explain why it's not recommended to use Main Mode with
> pre-shared keys? It will be nice to have a reference to such explanation in
> other docs.
>
> with regards,
> Lev Finkel
>
>
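
The key-selection problem described in the reply, as an added example that is not part of the original thread: with pre-shared-key authentication RFC 2409 defines SKEYID = prf(pre-shared-key, Ni_b | Nr_b), and in Main Mode the ID payload is encrypted under keys derived from SKEYID, so the responder must pick the key before it can read the identity. The PSK tables, addresses, identities, nonces and the choice of HMAC-SHA1 as the prf are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed responder databases (assumed values, documentation addresses).
PSK_BY_IP = {"192.0.2.10": b"site-to-site-secret"}            # static peer
PSK_BY_ID = {"roadwarrior@example.com": b"remote-user-secret"}  # roaming user

# Constructed fixed nonces so the example is deterministic.
NI = bytes.fromhex("a1" * 16)
NR = bytes.fromhex("b2" * 16)


def skeyid(psk, ni, nr):
    """RFC 2409 section 5, PSK auth: SKEYID = prf(pre-shared-key, Ni_b | Nr_b).
    HMAC-SHA1 stands in for the negotiated prf (assumption)."""
    return hmac.new(psk, ni + nr, hashlib.sha1).digest()


def responder_skeyid(mode, src_ip, id_payload, ni, nr):
    """Return the SKEYID the responder can derive, or None if no PSK is found.

    main:       IDii arrives in message 5, encrypted with keys derived from
                SKEYID, so the only lookup key available is the IP source.
    aggressive: IDii arrives unencrypted in message 1, so the PSK can be
                selected by identity whatever the source address is.
    """
    if mode == "main":
        psk = PSK_BY_IP.get(src_ip)
    elif mode == "aggressive":
        psk = PSK_BY_ID.get(id_payload)
    else:
        raise ValueError("unknown exchange mode: %r" % mode)
    return skeyid(psk, ni, nr) if psk is not None else None


if __name__ == "__main__":
    roaming_ip = "198.51.100.77"  # dynamic address, unknown to the responder
    user = "roadwarrior@example.com"
    for mode in ("main", "aggressive"):
        key = responder_skeyid(mode, roaming_ip, user, NI, NR)
        print(mode, "->", key.hex() if key else "no PSK for this peer")
```
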