Hi Michael,
> I think that the protection of IKE SA is important. This would preserve > IKEv2 security properties (like protecting identities against passive > attacker) and would allow to re-use the solution in G-IKEv2 and other > IKEv2 derivations that do transfer sensitive information within IKE SA.If the protection of the IKE SA means that we wind up in an IKEv1-like situation with Main Mode and group PSKs, then the result will be that IKE is not used.
Agree. But it is my understanding of the draft that it doesn't imply any IKEv1 like group PSKs. It allows proper selection of pair-wise PSK.
Regards, Valery. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
