[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Ipsec] new internet draftt - draft-touch-anonsec



Joe

What is the difference between AnonIKE and having the same
pre-shared key (as in preshared_key ="anonIKE") in all of the points of
interest?

I think this would get you the same effect. I also fail to see what is 
so scary about adding the ACK response to RST to TCP as described in
tcpm draft that came out. Your argument in the draft does not 
actually show a fundamental problem with this approach.

Finally, as is widely discussed, IKEv1 is not the most robust protocol
as far as responsiveness to DOS attacks. By requiring these nodes to do
IKE, I think we would opening ourselves up for more problems.

Regards,

Bora


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec