Yoav Nir writes:
> Yes, you can sort-of negotiate DH groups, but you don't have the
> "New Group Mode" that we had in section 5.6 or RFC 2409.
Yes, that was left out but as it was seen that nobody will accept new
group proposed from unknown party without checking it first, and
checking that the m
Yes, you can sort-of negotiate DH groups, but you don't have the "New Group
Mode" that we had in section 5.6 or RFC 2409.
So with RFC 4306, you're stuck with only those groups that appear in the IANA
registry, rather than your own pet DH groups.
On Mar 2, 2010, at 10:49 PM, Yaron Sheffer wrote:
aul Hoffman; IPsecme WG
> Subject: Re: [IPsec] Beginning discussion on secure password-only
> authentication for IKEv2
>
>
> Hi Yaron,
>
> The discussion is on the secure password-only authentication work
> item
> in which a password authenticated key exchange i
Hi David,
On Tue, March 2, 2010 3:49 pm, black_da...@emc.com wrote:
[snip]
>
> OTOH, I think you've oversimplified here ...
>
>> The candidate exchanges all rely on the "hard problem" of doing a
>> discrete logarithm in one of the defined groups. It's the same "hard
>> problem" that makes th
7786
black_da...@emc.com Mobile: +1 (978) 394-7754
> -Original Message-
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Dan
> Harkins
> Sent: Tuesday, March 02, 2010 5:55 PM
> To: Pa
Hi Paul,
On Tue, March 2, 2010 1:37 pm, Paul Hoffman wrote:
[snip]
>> RFC 2409 supported negotiation of various parameters, like the group
>>used for the Diffie-Hellman key exchange. That was removed in RFC 4306.
>>All of the candidate exchanges listed in draft-sheffer-ipsecme-pake-
>>criteria
>> -Original Message-
>> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf
>> Of Dan Harkins
>> Sent: Tuesday, March 02, 2010 22:12
>> To: Paul Hoffman
>> Cc: IPsecme WG; c...@irtf.org
>> Subject: Re: [IPsec] Beginning discussion o
At 12:12 PM -0800 3/2/10, Dan Harkins wrote:
> There are other criteria that should be evaluated in making a
>decision, such as how well does the solution fits into IKE(v2) and
>does it support "crypto agility".
...and what we mean by "agility". To some, that means "in-protocol negotiation
of pa
.org
> Subject: Re: [IPsec] Beginning discussion on secure password-only
> authentication for IKEv2
>
>
> Hello,
>
> There are other criteria that should be evaluated in making a
> decision, such as how well does the solution fits into IKE(v2) and
> does it suppor
Hello,
There are other criteria that should be evaluated in making a
decision, such as how well does the solution fits into IKE(v2) and
does it support "crypto agility".
RFC 2409 supported negotiation of various parameters, like the group
used for the Diffie-Hellman key exchange. That was
Greetings again. This message is cross-posted to both the IPsecME WG and the
CFRG because it pertains to both groups.
The recently-revised IPsecME charter has a new work item in it:
==
- IKEv2 supports mutual authentication with a shared secret, but this
mechanism is intended for "strong