[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: difference in IKE main and aggressive mode

To: Atul.Sharma@nokia.com
Subject: Re: difference in IKE main and aggressive mode
From: Hans-Joerg Hoexer <Hans-Joerg.Hoexer@yerbouti.franken.de>
Date: Fri, 6 Dec 2002 00:57:49 +0100
Cc: markus@openbsd.org, mittal@mihy.mot.com, ipsec@lists.tislabs.com
In-Reply-To: <DC504E9C3384054C8506D3E6BB012460CD890D@bsebe001.americas.nokia.com>
References: <DC504E9C3384054C8506D3E6BB012460CD890D@bsebe001.americas.nokia.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mutt/1.3.28i

Hi,

On Thu, Dec 05, 2002 at 01:26:43PM -0500, Atul.Sharma@nokia.com wrote:
> ...
> There are other restrictions with Aggressive mode....e.g. SA negotiation 
> is limited:
> 	- Cannot negotiate the DH group
> 	- when using revised mode of public key encryption, the hash and cipher
> 	  can not be negotiated

ISAKMP/IKE's weak cookie mechanism is rendered completly useless with
aggressive mode.

Cheers,
Hans
-- 
pub  1024D/513AEFD9 1999-12-18 Hans-Joerg Hoexer 
			     <Hans-Joerg.Hoexer@yerbouti.franken.de>
Key fingerprint = 83D2 436A 0D3C 34A9 E0FF  4C33 35F6 617C 513A EFD9

References:
- RE: difference in IKE main and aggressive mode
  - From: Atul.Sharma@nokia.com

Prev by Date: RE: IKEv2 transport concerns
Next by Date: RE: IKEv2 transport concerns
Prev by thread: RE: difference in IKE main and aggressive mode
Next by thread: Apologies for being unresponsive
Index(es):
- Date
- Thread