> >
> > I am not sure I understand what's being meant by in-band negotiation 
> > here?
> 
> Many protocols negotiate which crypto algorithm (or even more generic 
> security mechanism) to use.  Those negotiations, if done poorly, can 
> be subject to downgrade attacks.
> 
> Given how common security negotiation is, it's worthwhile to 
> point out 
> whether or not each of these protocols does it or whether they depend 
> entirely on static configuration of each endpoint.

All the protocols covered in this document provide the Key ID that's carried in 
the protocol packets and that's used by the receiving end to authenticate the 
packet. So there is no exchange of crypto algorithms, etc., that's done. We can 
mention this in the next revision.

Cheers, Manav

> 
> -- Sam
> 
_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
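An added example, not from this thread or from any of the drafts it discusses, of the authentication model Manav describes: the only security-related field in the packet is a Key ID, and the receiver takes both the secret and the MAC algorithm from its own static key table, so no field in the packet can select or weaken the algorithm. The key table, header layout, key values and function names are constructed for this illustration and are not any protocol's actual wire format.

```python
import hashlib
import hmac
import struct

# Constructed static key table, as each endpoint would hold it in local
# configuration: Key ID -> (MAC algorithm, secret). Nothing in a packet
# can change which algorithm applies to a given Key ID.
KEY_TABLE = {
    1: ("sha256", b"constructed-key-one"),
    2: ("sha1", b"constructed-key-two"),
}

# Constructed header: Key ID (1 byte) and payload length (2 bytes).
HDR = struct.Struct("!BH")


def build_packet(key_id, payload, key_table=KEY_TABLE):
    """Sender side: MAC the header and payload with the configured
    algorithm and secret for key_id, and append the MAC."""
    alg, secret = key_table[key_id]
    header = HDR.pack(key_id, len(payload))
    mac = hmac.new(secret, header + payload, alg).digest()
    return header + payload + mac


def verify_packet(packet, key_table=KEY_TABLE):
    """Receiver side: return the payload if the packet authenticates
    under the locally configured entry for its Key ID, else None."""
    if len(packet) < HDR.size:
        return None
    key_id, plen = HDR.unpack_from(packet)
    entry = key_table.get(key_id)
    if entry is None:
        # Unknown Key ID: there is nothing to negotiate, the packet is dropped.
        return None
    alg, secret = entry
    mac_len = hashlib.new(alg).digest_size
    if len(packet) != HDR.size + plen + mac_len:
        return None
    body = packet[: HDR.size + plen]
    received_mac = packet[HDR.size + plen :]
    expected = hmac.new(secret, body, alg).digest()
    # Constant-time comparison so MAC checking does not leak by timing.
    if not hmac.compare_digest(received_mac, expected):
        return None
    return packet[HDR.size : HDR.size + plen]


if __name__ == "__main__":
    pkt = build_packet(1, b"hello")
    print(verify_packet(pkt))  # b'hello'
```

Because the algorithm is bound to the table entry rather than carried in the packet, relabelling a packet with a different Key ID, or using a Key ID the receiver does not have configured, only makes verification fail; there is no in-band choice for a downgrade to act on.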
