
Re: Adding revised identities to IKEv2



 In your previous mail you wrote:

    > And replying to Francis - I'm too lazy to check myself, but wasn't cookie
    > (which is IP address-based) used then as a part of signed contents in
    > IKEv1 exchange?
   
   Right... if it's true, we really need to fix this
   in IKEv2 (if it's not already fixed). IKE qua
   protocol should be completely independent of which
   src address the message originated from. Anything
   that breaks that requirement needs to be fixed.
   
=> I disagree: the function of the cookie is to verify
the peer really exists at this address. But I agree
with the requirement for anything but this exception.

Regards

Francis.Dupont@enst-bretagne.fr