At 11:24 AM +0530 8/29/11, Naveen B N (nbn) wrote:
Hi Scott,
Even with the pre-shared secret, the protocol can't keep up the property of "perfect forward secrecy". I have assumed that both the server and client use a pre-shared secret; the same methods below apply to certificate-based authentication as well.
Below steps show why.

PFS refers to the ability of an adversary to recover the symmetric key(s)
used to encrypt traffic.  The analysis you provided does not address that
concern. IKE's use of ephemeral DH provides PFS.

Steve
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec