[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure legacy authentication for IKEv2

To: David Jablon <dpj@theworld.com>
Subject: Re: Secure legacy authentication for IKEv2
From: Stephen Kent <kent@bbn.com>
Date: Fri, 20 Dec 2002 17:39:50 -0500
Cc: ipsec@lists.tislabs.com
In-Reply-To: <5.1.0.14.0.20021219134708.00a55b00@pop.theworld.com>
References: <5.1.0.14.0.20021219134708.00a55b00@pop.theworld.com>
Sender: owner-ipsec@lists.tislabs.com

At 2:06 PM -0500 12/19/02, David Jablon wrote:
>Perhaps "extensibility" should include the ability to take advantage
>of keys generated by methods that use legacy credentials.
>I've heard this referred (somewhat redundantly) as "future extensibility"
>in other protocols.
>
>Although I didn't see this capability in the SLA draft, could it be added?
>
>-- David
>

Use of keys on what way? IKE v2 has introduced a clean separation of 
key material generation via DH exchange from authentication 
processes. I don't see how a legacy authentication system would 
contribute keys for IPsec, and I would rather not see it enter into 
the key generation process now that we have a clean  separation.

Steve

Follow-Ups:
- Re: Secure legacy authentication for IKEv2
  - From: David Jablon <dpj@theworld.com>

References:
- Re: Secure legacy authentication for IKEv2
  - From: David Jablon <dpj@theworld.com>

Prev by Date: Re: Summary of revised identity changes
Next by Date: Re: speaking of keys
Prev by thread: Re: Secure legacy authentication for IKEv2
Next by thread: Re: Secure legacy authentication for IKEv2
Index(es):
- Date
- Thread