[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEv2 SA rekeying - naming an initial SA

To: Nicolas Williams <Nicolas.Williams@sun.com>
Subject: Re: IKEv2 SA rekeying - naming an initial SA
From: Stephen Kent <kent@bbn.com>
Date: Tue, 19 Aug 2003 16:31:36 -0400
Cc: Michael Richardson <mcr@sandelman.ottawa.on.ca>, ipsec@lists.tislabs.com
In-Reply-To: <20030819051220.GL27057@binky.central.sun.com>
References: <9959.1061249453@marajade.sandelman.ottawa.on.ca><p05210603bb673c47be19@[12.159.173.175]><20030819051220.GL27057@binky.central.sun.com>
Sender: owner-ipsec@lists.tislabs.com

Nico,

sorry for the confusion on my part. I though you were trying to find 
a way to ID SAs for rekeying in IKE.  That was the context in which I 
made my original suggestion. With the sorts of authentication we have 
historically defined for use with IKE, MITM attacks are not an issue, 
s

IPsec has no anonymous mode, because access control is an essential 
feature of IPsec, unlike SSL.  So, no arguments based on the latter 
paragraph of your message are likely to be appropriate in this 
context.

Steve

Follow-Ups:
- Re: IKEv2 SA rekeying - naming an initial SA
  - From: Nicolas Williams <Nicolas.Williams@sun.com>

References:
- Re: IKEv2 SA rekeying - naming an initial SA
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
- Re: IKEv2 SA rekeying - naming an initial SA
  - From: Stephen Kent <kent@bbn.com>
- Re: IKEv2 SA rekeying - naming an initial SA
  - From: Nicolas Williams <Nicolas.Williams@sun.com>

Prev by Date: Re: The remaining IKEv2 issues
Next by Date: Re: IKEv2 SA rekeying - naming an initial SA
Prev by thread: Re: IKEv2 SA rekeying - naming an initial SA
Next by thread: Re: IKEv2 SA rekeying - naming an initial SA
Index(es):
- Date
- Thread