Re: IKEV2: Issue #1: Legacy Authentication
Theodore Ts'o wrote:
>
> In the recent round of discussion, no one besides Hugo has expressed a
> desire for providing protection of the initiator's identity against
> active attacks in the case of legacy authentication. Therefore, in
> the absence of such support, the current language in ikev2-04, which
> requires IDi in message 3, shall stand. If there are people who
> believe that this should be made optional (trading off additional
> complexity plus the extra round trip at setup time), please make your
> preferences known.
>
I'm all for reducing complexity in the protocol, even if it means that there's
an identity-disclosing active attack possible.
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M70, MS 012, FITZ
Advisor Phone: (ESN) 393-9145 +1 613 763 9145
Security Architecture and Planning Fax: (ESN) 393-9435 +1 613 763 9435
Nortel Networks mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------