Re: "Me Tarzan, You Jane" in IKEv2-05
>>>>> "Geoffrey" == Geoffrey Huang <ghuang@cisco.com> writes:
Geoffrey> Interesting, but I'm still convinced that the responder can use
Geoffrey> the initiator's identity to determine how to respond. I'm not
Geoffrey> certain how a process-to-process tunnel would look exactly,
Geoffrey> though.

Please explain to me how the responder can do this.

My telnet process will say, quite simply, to the kernel:

    My ID = mcr@marajade.dasblinkenled.org
    YourID = sales@lox.sandelman.ca

(To login to the "sales" account that I have)

Using ME-tarzan/You-Jane, my IKE would say:

    ME =mcr@marajade.dasblinkenled.org
    YOU=sales@lox.sandelman.ca

Without ME-Tarzan/You-Jane, the IKE would say:

    ME=mcr@marajade.dasblinkenled.org

How does the responder pick the right private key to respond with?

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
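
The selection problem raised in the message above, modeled from the responder's side as an added example (not part of the original message and not code from any IKE implementation). The key store, the policy table, the second local identity, the `guest@example.org` peer and the function name are assumptions made for illustration.

```python
# Added illustration: a responder that hosts several identities must decide
# which private key to authenticate with. All table contents are constructed,
# except the two identities quoted from the message.
from typing import Optional, Tuple

# Local identity -> private key handle (placeholder strings, not real keys).
LOCAL_KEYS = {
    "sales@lox.sandelman.ca": "key-sales",
    "support@lox.sandelman.ca": "key-support",  # constructed second identity
}

# Policy: which initiator identities may reach which local identities.
ALLOWED = {
    "mcr@marajade.dasblinkenled.org": {
        "sales@lox.sandelman.ca",
        "support@lox.sandelman.ca",
    },
    "guest@example.org": {"support@lox.sandelman.ca"},
}


class AmbiguousIdentity(Exception):
    """More than one local identity fits and the initiator gave no hint."""


def select_responder_key(id_i: str, id_r_hint: Optional[str] = None) -> Tuple[str, str]:
    """Return (local identity, key handle) for a request.

    id_i      -- the initiator's identity ("ME")
    id_r_hint -- the identity the initiator wants to talk to ("YOU"), if sent
    """
    candidates = ALLOWED.get(id_i, set()) & set(LOCAL_KEYS)
    if not candidates:
        raise PermissionError(f"no local identity is reachable by {id_i}")
    if id_r_hint is not None:
        # With the hint, the choice is a policy check, not a guess.
        if id_r_hint not in candidates:
            raise PermissionError(f"{id_i} may not reach {id_r_hint}")
        return id_r_hint, LOCAL_KEYS[id_r_hint]
    if len(candidates) == 1:
        # The initiator's identity alone is enough only in this case.
        (only,) = candidates
        return only, LOCAL_KEYS[only]
    raise AmbiguousIdentity(sorted(candidates))
```

Using the initiator's identity alone works for `guest@example.org`, who maps to one local identity, but fails for an initiator with accounts under more than one.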