Yaron: 10.3: of course, it is possible that *both* implementations generate
predictable/short SPI values
Hi all.
I think this one was solved together with ticket #191 ("The danger of
predictable SPIs"), but requiring that the token maker randomize IKE SPIs.
Unless somebody (like Yaron) objects within the next few days, I will close
this issue as well.
And yes, Yaron, I have made the language about the PRNG less "wimpy".
Yoav
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
