
Re: IKEV2: Issue #1: Legacy Authentication



Theodore Ts'o wrote:
> 
> In the recent round of discussion, no one besides Hugo has expressed a
> desire for providing protection of the initiator's identity against
> active attacks in the case of legacy authentication.  Therefore, in
> the absence of such support, the current language in ikev2-04, which
> requires IDi in message 3, shall stand.  If there are people who
> believe that this should be made optional (trading off additional
> complexity plus the extra round trip at setup time), please make your
> preferences known.
> 
I'm all for reducing complexity in the protocol, even if it means that there's
an identity-disclosing active attack possible.

-- 
----------------------------------------------------------------------
Marcus Leech                             Mail:   Dept 8M70, MS 012, FITZ
Advisor                                  Phone: (ESN) 393-9145  +1 613 763 9145
Security Architecture and Planning       Fax:   (ESN) 393-9435  +1 613 763 9435
Nortel Networks                          mleech@xxxxxxxxxxxxxxxxxx
-----------------Expressed opinions are my own, not my employer's------