[anonsec] details of IKE/IPsec channel binding
kent at bbn.com
Thu Mar 22 06:38:39 PDT 2007
At 6:47 AM -0500 3/22/07, Nicolas Williams wrote:
>On Thu, Mar 22, 2007 at 12:12:21PM +0200, Tero Kivinen wrote:
>> Nicolas Williams writes:
>> > Again, this has to work with IKEv1. Bill so insisted, and I agree.
>> Hmm... the BTNS charter only talks about "Current Internet Protocol
>> security protocol (IPsec) and Internet Key Exchange protocol (IKE)",
>> it does not mention IKEv1 anywhere.
>> The current IPsec and IKE is the RFC430x series, i.e. IKEv2. The old
>> RFC240x series is obsoleted.
>IKEv1 is certainly not obsoleted. And RFC4301 does support IKEv1, does
4301 includes mandatory features that IKEv1 cannot negotiate, so in
that sense 4301 assumes use of IKEv2.
More information about the ANONSEC