[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Authentication methods in IKEv2
At 9:33 AM +0300 11/12/02, Valery Smyslov wrote:
>----- Original Message -----
>From: "David Faucher" <dfaucher@lucent.com>
>To: "Valery Smyslov" <svan@trustworks.com>; <ipsec@lists.tislabs.com>; "Paul
>Hoffman / VPNC" <paul.hoffman@vpnc.org>
>Sent: Monday, November 11, 2002 9:49 PM
>Subject: Re: Authentication methods in IKEv2
>
>
>> Even in the absence of negotiating the authentication
>> method I think there is value in specifying which method
>> an endpoint has used, rather than leaving it up to the
>> receiving end to determine the structure of the "auth"
>> blob of data.
>
>Exactly. It can be achived, for example, by adding field "Authentication
>Data Type"
>into Authentication Payload.
Fully agree. This is an easy addition and it prevents the receiving
party to have to figure it out from the ID. The cost is only two
octets.
--Paul Hoffman, Director
--VPN Consortium