Scott Fluhrer (sfluhrer) <[email protected]> wrote: > - What level of identity protection do we need to provide? If two > different IKE negotiations use the same shared secret, do we mind if > someone can deduce that?
I think that this depends greatly upon the deployment scenario.
> - Authentication; if someone with a Quantum Computer can break the DH
> in real time, do we care if he can act as a man-in-the-middle? Scott
> Fluhrer: not important Michael Richardson: important, provided that we
> don't run into the same issues that IKEv1 PSKs ran into Tommy Pauly:
> not important Valery Smylsov: this would be nice to have Oscar
> Garcia-Morchon: this would be nice to have
I'm very concerned that we don't wind up with insecure Group PSKs as we had
with IKEv1.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
