I would like to weigh in on this point.
> - What level of identity protection do we need to provide? If two
> different IKE negotiations use the same shared secret, do we mind if someone
> can deduce that?
> Scott Fluhrer: not important
> Michael Richardson: very important
> Tommy Pauly: not important
> Valery Smyslov: this is a nice to have, but not critical
> Oscar Garcia-Morchon: this is less important, in particular if we only
> protect the IPsec traffic.
I think it would be nice to have, but only if the cost is very low. I prefer
disclosure of a key identifier to having to perform a whole series of key
derivations until one is successful.
IPsec mailing list