[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKEv2: active user identity protection

To: <Heiko.Knospe@t-systems.com>, <ipsec@lists.tislabs.com>
Subject: RE: IKEv2: active user identity protection
From: jknowles@SonicWALL.com
Date: Fri, 27 Jun 2003 14:53:05 -0700
Sender: owner-ipsec@lists.tislabs.com
Thread-Index: AcM8xCpV56g65f+fQiW8E85kQu8FsQAMQg7g
Thread-Topic: IKEv2: active user identity protection

I also support Hugo's suggested changes to provide this
protection.  I think many end-user scenarios demand it.
Aggressive mode failed to protect identities and is
criticized for this (I heard today this exact criticism
from a customer).  We still have a chance to fix this
without unnecessary delay.

Regards,

Jim

> -----Original Message-----
> From: Knospe, Heiko [mailto:Heiko.Knospe@t-systems.com]
> Sent: Friday, June 27, 2003 7:25 AM
> To: ipsec@lists.tislabs.com
> Subject: IKEv2: active user identity protection 
> 
> 
> Dear all,
> 
> I would also strongly support active user identity 
> confidentiality protection for the initiator within IKEv2. 
> The issue was recently raised by several people. We analysed 
> the topic in the SHAMAN project and considered it a 
> significant security requirement. It seems particularly 
> important for wireless connections where attacks can easily 
> be launched.
> 
> Best wishes,
> Heiko Knospe
> 
> T-Systems
> ITC Security
> Am Kavalleriesand 3
> D 64295 Darmstadt
> Germany
> 
> Tel. ++49 6151 832033 
> 
>

Follow-Ups:
- RE: IKEv2: active user identity protection
  - From: Tero Kivinen <kivinen@ssh.fi>

Prev by Date: Re: issue with "per-interface SAD/SPD"
Next by Date: Re: IKE negotiation for fragmentation controls in IPsec
Prev by thread: IKEv2: active user identity protection
Next by thread: RE: IKEv2: active user identity protection
Index(es):
- Date
- Thread