> So is there a reason you don't want to fix this "between clients > and gateways"?
(As most of this WG members have already noticed) PSK in IKE is foolish in the sense that it is vulnerable against off-line dictionary attack while using heavy DH calculation. There is no reason not to fix this foolish PSK (regardless of "between gateways" and "between clients and gateways".) Kaz _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
