Paul Wouters writes:
> If you have a static 256 bit random shared secret, why not use it
> as PRF for KEYMAT and skip IKE altogether :P
That would generate the same key for each IPsec SA, which would be really bad, especially if you are using any of the modern modes (GCM, CCM, CTR). Static traffic keys are bad. Static authentication keys are ok. Static shared secret used to derive the traffic keys in such a way that it will be unique and allows rekeying traffic keys is also ok. You do need at least nonce exchange in IKE to make sure keys are different every time.
-- 
[email protected]
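The point made in the reply above, as an added example that is not part of the original message: a static secret fed to prf+ with no nonces yields the same traffic key for every SA, and in a counter mode two SAs that restart their IV counter then leak the XOR of their plaintexts. Assumptions: HMAC-SHA-256 as the PRF, the static secret used directly as the PRF key (IKEv2 itself computes KEYMAT = prf+(SK_d, Ni | Nr)), and `ctr_like_encrypt` as a stand-in keystream cipher rather than real AES-CTR/GCM.

```python
import hashlib, hmac, os

def prf(key, data):
    # HMAC-SHA-256 as the PRF (assumed choice for this example)
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key, seed, length):
    # prf+ as in RFC 7296 section 2.13: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)
    out, block, n = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([n]))
        out += block
        n += 1
    return out[:length]

def keymat_static(secret, length=32):
    # Quoted proposal: no exchange, so the PRF input is the same for every SA
    return prf_plus(secret, b"", length)

def keymat_with_nonces(secret, ni, nr, length=32):
    # Same static secret, but seeded with this exchange's Ni | Nr
    return prf_plus(secret, ni + nr, length)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_like_encrypt(key, iv, plaintext):
    # Stand-in for a counter mode: the keystream depends only on (key, iv)
    return xor(plaintext, prf_plus(key, iv, len(plaintext)))

def demo():
    secret = bytes(range(32))                  # constructed sample secret
    iv = (1).to_bytes(8, "big")                # each new SA restarts its IV counter
    p1, p2 = b"packet one data.", b"packet two data!"  # constructed plaintexts
    k1, k2 = keymat_static(secret), keymat_static(secret)  # two SAs, no IKE
    n1, n2 = (keymat_with_nonces(secret, os.urandom(32), os.urandom(32))
              for _ in range(2))               # two SAs (or a rekey), fresh nonces
    # True when ciphertext XOR equals plaintext XOR, i.e. the keystream was reused
    leak = lambda ka, kb: xor(ctr_like_encrypt(ka, iv, p1),
                              ctr_like_encrypt(kb, iv, p2)) == xor(p1, p2)
    return {"static_keys_equal": k1 == k2, "static_leaks_xor": leak(k1, k2),
            "nonce_keys_equal": n1 == n2, "nonce_leaks_xor": leak(n1, n2)}

if __name__ == "__main__":
    print(demo())
```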
