> -----Original Message----- > From: Valery Smyslov [mailto:[email protected]] > Sent: Friday, February 26, 2016 9:19 AM > To: Michael Richardson > Cc: Scott Fluhrer (sfluhrer); Tero Kivinen; [email protected] > Subject: Re: [IPsec] draft-fluhrer-qr-ikev2-01 > > Hi Michael, > > > > I think that the protection of IKE SA is important. This would > > preserve > > > IKEv2 security properties (like protecting identities against passive > > > attacker) and would allow to re-use the solution in G-IKEv2 and other > > > IKEv2 derivations that do transfer sensitive information within IKE > > SA. > > > > If the protection of the IKE SA means that we wind up in an IKEv1-like > > situation with Main Mode and group PSKs, then the result will be that > > IKE is not used. > > Agree. But it is my understanding of the draft that it doesn't imply any > IKEv1 like group PSKs. It allows proper selection of pair-wise PSK.
Yes, the intention is to allow someone to set up pairwise PPK's. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
