At 4:37 PM +0200 10/20/10, Yoav Nir wrote:
Yaron: 10.3: of course, it is possible that *both* implementations
generate predictable/short SPI values
Hi all.
I think this one was solved together with ticket #191 ("The danger
of predictable SPIs"), but requiring that the token maker randomize
IKE SPIs.
Unless somebody (like Yaron) objects within the next few days, I
will close this issue as well.
And yes, Yaron, I have made the language about the PRNG less "wimpy".
Yoav
Why not allow either peer (or both) to add a sizeable nonce as a separate
source of unpredictable data?
Steve
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
