[anonsec] details of IKE/IPsec channel binding
Michael Richardson
mcr at sandelman.ottawa.on.ca
Tue Apr 3 07:39:46 PDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Julien" == Julien Laganier <julien.IETF at laposte.net> writes:
Julien> You might also want to do something similar to what HIP
Julien> does:
Julien> min(pk_i, pk_r) || max(pk_i, pk_r) so that the channel
Julien> bindings between two peers is independent from who initiated
Julien> the IKE exchange.
I agree that perhaps this makes more sense.
I was going to propose ordering by ordered IP addresses, but this is
perhaps more cool.
- --
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBRhJnJoCLcPvd0N1lAQKUwgf7BwOfcdlyh1SDroIKd9QWjylkqv99KwJ3
7VMEQeBosZKsJQjAK5S4tpiL1G2NGyxMUqSA0PjXGhKoyOhDRFBvE0ykNAJn/mZ6
c3hR3JAcz9ZAZlvCjfWJ19Wm/ZxLoR4J+aYg3/LSzE4LZLQ9/QvK70V4XDue9us/
oZqGnySygeYmZCFidPfiwLfVT+aryJsOXQfI9QmrchmfSSek1SUZat7xwQJFE9vZ
5eic0jL73zHuuvYf/eC532bVU1a9v+Hl05YJvH2gl3tqrfNfRkhya5OfonfY2qyB
6Sn8GdUuNKLgqAYzlC/2trG3mFZGiXc/KXarmLZLWXf6jNp2MjNdgw==
=80ek
-----END PGP SIGNATURE-----
More information about the ANONSEC
mailing list