RE: Do ipsec vendors care about privacy?

[Hugo Krawczyk <hugo@ee.technion.ac.il>]

A couple of messages in this thread remind us that the WG decided
that protecting the responder's identity from active attacks is preferable
to protecting I's identity from such attacks.  That's true, and I do NOT
suggest to change that decision in the general case. 

However, since ikev2 has already gone to the effort of creating a variant
of the protocol SPECIFIC for the remote access scenario then it makes
sense to take advantage of this (as long as it does not incur in a
significant cost or delay to the ikev2 document) to provide user's privacy
via a strong protection of IDi. As opposed to the general case, in which
what identity (I or R) is more important to protect is debatable (and many
of the participants in this WG have changed their minds on this at least
one time), in the remote access scenario it is OBVIOUS that hiding I's
(the user's) identity from attackers in the network is far more important
(than protecting the publicly known identity of the usually fixed-address
gateway.

If we decide not to provide user's id protection (from active attacks)
in the EAP-based remote access protocol, the rationale for that decision
must be documented (maybe in Radia's draft). This will not avoid later
complaints by vendors and researchers but at least will show that it was a
conscious decision rather than a simple overlook.

Hugo