[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure legacy authentication for IKEv2

To: David Jablon <dpj@xxxxxxxxxxxx>
Subject: Re: Secure legacy authentication for IKEv2
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 20 Dec 2002 17:39:50 -0500
Cc: ipsec@xxxxxxxxxxxxxxxxx
In-reply-to: <>
References: <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx

At 2:06 PM -0500 12/19/02, David Jablon wrote:

Perhaps "extensibility" should include the ability to take advantage
of keys generated by methods that use legacy credentials.
I've heard this referred (somewhat redundantly) as "future extensibility"
in other protocols.

Although I didn't see this capability in the SLA draft, could it be added?

-- David

Use of keys on what way? IKE v2 has introduced a clean separation of key material generation via DH exchange from authentication processes. I don't see how a legacy authentication system would contribute keys for IPsec, and I would rather not see it enter into the key generation process now that we have a clean separation.

Steve

Follow-Ups:
- Re: Secure legacy authentication for IKEv2
  - From: David Jablon

References:
- Re: Secure legacy authentication for IKEv2
  - From: David Jablon

Prev by Date: Re: Summary of revised identity changes
Next by Date: Re: speaking of keys
Previous by thread: Re: Secure legacy authentication for IKEv2
Next by thread: Re: Secure legacy authentication for IKEv2
Index(es):
- Date
- Thread