On Wed, 16 Mar 2016, Valery Smyslov wrote:
>> No, because it is perfectly possible to implement IKEv1 without this
>> problem. Libreswan is moving towards that, see:
>> https://lists.libreswan.org/pipermail/swan-dev/2016-March/001394.html
>
> Making only the initiator be responsible for retransmissions is possible in
> the IKEv1 Main Mode. However, it is impossible in Aggressive Mode
> (and in Quick Mode too, although it is irrelevant here).
> The problem is that the last message comes from the initiator, and if this
> message got lost, the initiator never knows about it unless the responder
> retransmits the response to the very first message from the initiator.
> It's an immanent feature of IKEv1 caused by the odd number of messages in
> these exchanges. It can't be solved.

I'm confused. Why does it matter if the initial Aggressive Mode request
is lost or the initial Aggressive Mode response is lost? To the
initiator, both look the same, so it should re-transmit its original
packet?

> And besides the possibility of amplification attack, IKEv1 has so many
> problems that the only reason it is still used is maintaining
> interoperability with older products.

It does have a cryptographically stronger PSK :)
Paul
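The two positions in this exchange can be checked against a small model of the message flow. The Python below is an added example for this thread, not code from libreswan or any other IKE implementation; the payload lists follow RFC 2409 section 5, while the byte sizes and retry count are constructed assumptions. It shows that a dropped first or second Aggressive Mode message is indeed recovered by the initiator re-sending its original packet, that a dropped third message can only be recovered by the responder retransmitting unprompted (which follows from the odd message count), and what a responder-side retransmission policy costs when the first message carries a spoofed source.

```python
# Added example: toy model of IKEv1 Main Mode and Aggressive Mode message
# flow. Not code from libreswan or any IKE implementation. Payload lists
# follow RFC 2409 section 5; the byte sizes are constructed round numbers.
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    name: str    # payloads, for readability only
    sender: str  # "I" (initiator) or "R" (responder)
    size: int    # constructed on-the-wire size in bytes (assumption)


# Six messages, alternating I/R, last one from the responder.
MAIN_MODE = [
    Msg("MM1 HDR, SA", "I", 200),
    Msg("MM2 HDR, SA", "R", 100),
    Msg("MM3 HDR, KE, Ni", "I", 300),
    Msg("MM4 HDR, KE, Nr", "R", 300),
    Msg("MM5 HDR*, IDii, HASH_I", "I", 100),
    Msg("MM6 HDR*, IDir, HASH_R", "R", 100),
]

# Three messages, last one from the initiator.
AGGRESSIVE_MODE = [
    Msg("AM1 HDR, SA, KE, Ni, IDii", "I", 400),
    Msg("AM2 HDR, SA, KE, Nr, IDir, [CERT], SIG_R", "R", 1400),
    Msg("AM3 HDR*, [CERT], SIG_I", "I", 1000),
]


def recovery_driver(exchange, lost_index):
    """Which side can drive recovery when exchange[lost_index] is dropped.

    The initiator recovers by retransmitting its last message whenever it is
    still waiting for a reply: any dropped responder message, and any dropped
    initiator message except the final one. If the final message comes from
    the initiator and is dropped, the initiator believes the exchange is
    complete; only the responder notices (its timer fires) and only it can
    recover, by retransmitting its own last message unprompted.
    """
    lost = exchange[lost_index]
    is_last = lost_index == len(exchange) - 1
    if lost.sender == "I" and is_last:
        return "R"
    return "I"


def initiator_only_retransmission_suffices(exchange):
    """True iff every single-packet loss can be recovered by the initiator.

    For an exchange alternating I, R, I, R, ... this reduces to an even
    message count: an odd count puts the last message on the initiator side,
    and its loss is invisible to the initiator.
    """
    return all(recovery_driver(exchange, i) == "I" for i in range(len(exchange)))


def amplification(exchange, responder_retransmits, retries):
    """Bytes the responder emits for one spoofed first message, divided by
    the size of that first message. The spoofed source never answers, so a
    responder-side retransmission policy sends the reply 1 + retries times;
    an initiator-only policy sends it once."""
    first, reply = exchange[0], exchange[1]
    copies = 1 + retries if responder_retransmits else 1
    return (reply.size * copies) / first.size


if __name__ == "__main__":
    for label, ex in (("Main Mode", MAIN_MODE), ("Aggressive Mode", AGGRESSIVE_MODE)):
        print(f"{label}: initiator-only retransmission suffices: "
              f"{initiator_only_retransmission_suffices(ex)}")
        for i, m in enumerate(ex):
            print(f"  lose {m.name:45} -> recovered by {recovery_driver(ex, i)}")
        print(f"  amplification, responder retransmits 4x: {amplification(ex, True, 4):.1f}")
        print(f"  amplification, initiator-only policy:    {amplification(ex, False, 4):.1f}")
```

The sizes are illustrative, but the shape of the result does not depend on them: with the constructed figures a responder that retransmits AM2 four times answers a 400-byte spoofed AM1 with 7000 bytes, while a Main Mode responder that only answers what it receives sends back less than it was sent.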
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec