Hi I know we don't like IKEv1 questions, but RFC 4754 does mention it, so here goes. And sorry if this has been discussed before. I couldn't find it.
In IKEv1 the authentication method is negotiated as an SA parameter. So presumably the Initiator proposes RSA signatures, ECDSA with the P-256 curve, etc, and the Responder chooses one of them. This happens in packets #1 and #2. Later the certificate to actually present (in packets #5 and #6) is chosen based on a Certificate Request payload, and availability. This is different from IKEv2, where authentication method is implied by the certificates rather than negotiated. So two questions: 1. Is it impossible to have one peer authenticate with RSA while the other authenticates with ECDSA, or even to mix curves? Or am I missing something? 2. What if an IKE endpoint has >1 certificates, but the one best-suited for the certificate request has a different type key than the one agreed to in packet #2? If I'm not missing something, it seems like IKEv1 is the wrong vehicle for the gradual introduction of ECDSA. I'm not proposing to fix it, just trying to understand. Yoav _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
