[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The remaining IKEv2 issues
On 8/24/2003 3:32 AM, Yoav Nir wrote:
> Hi Uri,
Hi, and thanks for your response.
> Re: not using kg methods. SecurID belongs to a certain vendor, and
> they can create a kg method that suits them. In fact, they have, but
> they won't publish the spec, so I can't implement it.
Yes, but what I had in mind is - at the very worst we can mix the
data from the exchange into the key generation mechanism input.
Would it not make sense?
> Now let's take another example. A customer keeps all his
> username/passwords on the mainframe, because that's the only computer
> they trust. The only access our IKE gateway has to the mainframe is
> running something called a RACINIT, that allows you to pass the
> username and the password, and get a yes/no response. How can we get
> this to work, if the gateway never knows what the password is?....
Yes I see your point...
Thanks!
Regards,
Uri.