
Re: IKEv2 SA rekeying - naming an initial SA



At 8:39 -0700 8/22/03, Nicolas Williams wrote:
>On Fri, Aug 22, 2003 at 09:12:28AM -0400, Stephen Kent wrote:
>>  what part of "no" do you find puzzling :-)
>
>I didn't insist - I merely pointed out something I thought was ironic.
>
>At least you appear to have some sense of humor :)

I try.

>BTW, this "no" was to "anon IPsec."  I'd still like a session ID bound
>to initial IKE_SA KEs - please don't ignore this.

right.

>If there will never be anon IPsec then the AUTH values will do - but I'd
>like to not discount the possibility that there might be an anon IPsec
>formulation in the future.

Any admin managing an IPsec environment has the ability to issue 
credentials that are effectively anonymous, and that allows the 
effect of anonymous use of IPsec, in a given context.  Unless the WG 
changes direction in a significant way, to support unauthenticated 
IPsec, then it would be inappropriate to use the possibility of this 
change as an input in deciding on how to make a decision re this IKE 
v2 authentication issue.

Steve