Re: Avoiding tricking IKE v2 nodes into talking v1
At 10:00 AM -0700 8/26/02, Dan Harkins wrote:
> If something really has to be done I suggest we come up with an
>IKEv1 "vendor ID" payload that says something like "I can actually
>speak a higher version of IKE". This payload would be sent in the
>5th and 6th message in Main Mode or the 2nd and 3rd in Aggressive
>Mode.
This sounds like the cleanest approach, and it matches what most
implementations use vendor ID payloads for.
>Most implementations can handle "vendor ID" payloads in these
>parts of the exchanges.
If the WG is worried about this, VPNC could probably test this fairly
quickly among our members' products.
--Paul Hoffman, Director
--VPN Consortium
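
Added example, not part of the original message or of any IKE implementation: one way a receiver that supports a higher IKE version could look for the proposed vendor ID payload among the decrypted payloads of an IKEv1 message and flag a possible downgrade. The vendor ID value, the function names and the sample ID/HASH bodies are constructed for illustration; the thread does not define them.

```python
import hashlib
import struct

# ISAKMP payload type numbers (RFC 2408).
NONE, ID, HASH, VID = 0, 5, 8, 13
# Constructed placeholder value; the thread does not define the actual vendor ID.
HIGHER_VERSION_VID = hashlib.sha256(b"EXAMPLE: can speak a higher IKE version").digest()[:16]

def build_chain(payloads):
    """Serialize [(type, body), ...]; returns (first_payload_type, bytes)."""
    out = b""
    for i, (_, body) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else NONE
        # Generic header: next payload (1), reserved (1), length incl. header (2).
        out += struct.pack("!BBH", nxt, 0, 4 + len(body)) + body
    return (payloads[0][0] if payloads else NONE), out

def parse_chain(first_type, data):
    """Walk a decrypted payload chain, rejecting malformed lengths."""
    result, ptype, off = [], first_type, 0
    while ptype != NONE:
        if off + 4 > len(data):
            raise ValueError("truncated payload header")
        nxt, _, length = struct.unpack_from("!BBH", data, off)
        if length < 4 or off + length > len(data):
            raise ValueError("bad payload length")
        result.append((ptype, data[off + 4:off + length]))
        ptype, off = nxt, off + length
    return result

def downgrade_suspected(we_support_higher, first_type, data):
    """True if both ends can speak a higher version yet this is a v1 exchange."""
    peer_higher = any(
        t == VID and body == HIGHER_VERSION_VID
        for t, body in parse_chain(first_type, data)
    )
    return we_support_higher and peer_higher

def sample_message(with_vid):
    """Constructed payloads shaped like Main Mode message 5: ID, HASH, optional VID."""
    payloads = [(ID, b"\x01\x00\x00\x00\xc0\x00\x02\x01"), (HASH, bytes(20))]
    if with_vid:
        payloads.append((VID, HIGHER_VERSION_VID))
    return build_chain(payloads)

if __name__ == "__main__":
    print(downgrade_suspected(True, *sample_message(True)))
```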