Hi,
following the recent discussion on the mailing list, Scott Fluhrer and
myself just published a draft that updates RFC 5996 by adding the
required recipient-side tests for ECDH. Please see
http://www.ietf.org/internet-drafts/draft-sheffer-ipsecme-dh-checks-00.txt.
We have not addressed the issues raised by Dan and Tero regarding
inconsistencies between various RFCs that define ECDH groups for IKE. I
personally deem these issues to be out of scope of the current document.
Comments are very welcome.
Thanks,
Yaron
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
