[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The remaining IKEv2 issues
On 8/27/2003 2:51 PM, Stephen Kent wrote:
>>Yes, but what I had in mind is - at the very worst we can mix the
>>data from the exchange into the key generation mechanism input.
>>
>>Would it not make sense?
>
> We have managed to cleanly separate the key generation function from
> the authentication function in IKE v2 and I think it would be
> preferable to keep them separate.
Well, you can consider SecureID output as one of the nonces,
or append it to the client's nonce... I see your point - but
I'm sure you see mine.