[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The remaining IKEv2 issues
At 17:26 -0400 8/27/03, Uri Blumenthal wrote:
>On 8/27/2003 2:51 PM, Stephen Kent wrote:
>>>Yes, but what I had in mind is - at the very worst we can mix the
>>>data from the exchange into the key generation mechanism input.
>>>
>>>Would it not make sense?
>>
>> We have managed to cleanly separate the key generation function from
>> the authentication function in IKE v2 and I think it would be
>> preferable to keep them separate.
>
>Well, you can consider SecureID output as one of the nonces,
>or append it to the client's nonce... I see your point - but
>I'm sure you see mine.
I fear you are right, i.e., I don't see your point. But, unless other
folks want to pursue approach this at this late stage in the IKE
work, let's not devote more time to debating this.
Steve