[anonsec] details of IKE/IPsec channel binding
Stephen Kent
kent at bbn.com
Thu Mar 22 06:38:39 PDT 2007
At 6:47 AM -0500 3/22/07, Nicolas Williams wrote:
>On Thu, Mar 22, 2007 at 12:12:21PM +0200, Tero Kivinen wrote:
>> Nicolas Williams writes:
>> > Again, this has to work with IKEv1. Bill so insisted, and I agree.
>>
>> Hmm... the BTNS charter only talks about "Current Internet Protocol
>> security protocol (IPsec) and Internet Key Exchange protocol (IKE)",
>> it does not mention IKEv1 anywhere.
>>
>> The current IPsec and IKE is the RFC430x series, i.e. IKEv2. The old
>> RFC240x series is obsoleted.
>
>IKEv1 is certainly not obsoleted. And RFC4301 does support IKEv1, does
>it not?
4301 includes mandatory features that IKEv1 cannot negotiate, so in
that sense 4301 assumes use of IKEv2.
Steve
More information about the ANONSEC
mailing list