
Re: "Me Tarzan, You Jane" in IKEv2-05





>>>>> "Geoffrey" == Geoffrey Huang <ghuang@cisco.com> writes:
    Geoffrey> Interesting, but I'm still convinced that the responder can use
    Geoffrey> the initiator's identity to determine how to respond.  I'm not
    Geoffrey> certain how a process-to-process tunnel would look exactly,
    Geoffrey> though. 

  Please explain to me how the responder can do this.

  My telnet process will say, quite simply, to the kernel:

  My ID  = mcr@marajade.dasblinkenled.org
  YourID = sales@lox.sandelman.ca

  (To log in to the "sales" account that I have)

  Using ME-tarzan/You-Jane, my IKE would say:

  ME =mcr@marajade.dasblinkenled.org
  YOU=sales@lox.sandelman.ca

  Without ME-Tarzan/You-Jane, the IKE would say:

  ME=mcr@marajade.dasblinkenled.org

  How does the responder pick the right private key to respond with?

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

	


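The responder's choice described in the message above, as an added Python example that is not part of the original post or of any IKE implementation. The second account `support@lox.sandelman.ca`, the policy table and the keys are constructed for illustration, and an HMAC secret stands in for each private key.

```python
import hashlib
import hmac

# Constructed responder state: one host serving several local identities,
# each with its own key (an HMAC secret stands in for a private key).
LOCAL_KEYS = {
    "sales@lox.sandelman.ca": b"constructed-key-sales",
    "support@lox.sandelman.ca": b"constructed-key-support",  # hypothetical account
}
# Constructed policy: which local identities each initiator may reach.
ALLOWED = {
    "mcr@marajade.dasblinkenled.org": {
        "sales@lox.sandelman.ca",
        "support@lox.sandelman.ca",
    },
}


class AmbiguousIdentity(Exception):
    """The responder cannot tell which local identity the initiator wants."""


def select_local_identity(me, you=None):
    """Return the local identity the responder should authenticate as."""
    candidates = ALLOWED.get(me, set())
    if you is not None:
        # ME plus YOU: the initiator named the identity, so the key is fixed.
        if you not in candidates:
            raise PermissionError(f"{me} may not reach {you}")
        return you
    # ME only: the choice is safe only when policy leaves a single candidate.
    if len(candidates) == 1:
        return next(iter(candidates))
    raise AmbiguousIdentity(f"{len(candidates)} candidates for {me}, no YOU given")


def respond(me, exchange, you=None):
    """Pick an identity and authenticate the exchange data with its key."""
    ident = select_local_identity(me, you)
    tag = hmac.new(LOCAL_KEYS[ident], exchange, hashlib.sha256).digest()
    return ident, tag


def initiator_accepts(expected, ident, tag, exchange):
    """Initiator side: accept only the identity it asked for, correctly keyed."""
    good = hmac.new(LOCAL_KEYS[expected], exchange, hashlib.sha256).digest()
    return ident == expected and hmac.compare_digest(good, tag)
```
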