Re: Adding revised identities to IKEv2
In your previous mail you wrote:
And replying to Francis - I'm too lazy to check myself, but wasn't cookie
(which is IP address-based) used then as a part of signed contents in IKEv1
exchange?
=> the cookie is built by the other peer so the only effect is the
addresses must remain the same between all packets of a phase,
a check which is currently done even between phases.
Can you explain how cookies can forbid an attacker to change en route
or as the peer to put a rogue address in all messages?
Regards
Francis.Dupont@enst-bretagne.fr