And if the mechanism does strong KE then you don't lose a round-trip nor do channel binding as in my previous example.
The differences between Tero's and my proposal, then, are pretty simple:

- the way mechanisms are named;
- names are sent in each mech's messages, not in separate IKE payloads;
- weaker PAKEs, like SCRAM, would be used with channel binding to an IKE KE exchange (while stronger ones simply output key material, avoiding the need for an IKE KE).

That's it. Also, my way you'd be using the GSS-API framework, but you wouldn't have to be aware of that :)

Nico
--
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec