[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The remaining IKEv2 issues
At 14:17 -0400 8/27/03, Uri Blumenthal wrote:
>On 8/24/2003 3:32 AM, Yoav Nir wrote:
>> Hi Uri,
>
>Hi, and thanks for your response.
>
>> Re: not using kg methods. SecurID belongs to a certain vendor, and
>> they can create a kg method that suits them. In fact, they have, but
>> they won't publish the spec, so I can't implement it.
>
>Yes, but what I had in mind is - at the very worst we can mix the
>data from the exchange into the key generation mechanism input.
>
>Would it not make sense?
We have managed to cleanly separate the key generation function from
the authentication function in IKE v2 and I think it would be
preferable to keep them separate.
Steve