[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEV2: Issue #1: Legacy Authentication



For the record then, I would prefer that we protect against this but it 
does seem that this is the minority view.

Derrell

On Friday, February 7, 2003, at 07:34  PM, Theodore Ts'o wrote:

> In the recent round of discussion, no one besides Hugo has expressed a
> desire for providing protection of the initiator's identity against
> active attacks in the case of legacy authentication.  Therefore, in
> the absence of such support, the current language in ikev2-04, which
> requires IDi in message 3, shall stand.  If there are people who
> believe that this should be made optional (trading off additional
> complexity plus the extra round trip at setup time), please make your
> preferences known.