Hi Paul

Would a downgrade attack be possible if the PPK notify is included in the
authentication material?

cheers

On 03/04/2017, 18:21, "IPsec on behalf of Paul Wouters" <ipsec-boun...@ietf.org 
on behalf of p...@nohats.ca> wrote:

    I would think this is the obvious solution. I would not want to run a
    connection definition that you can connect to "with or without PPK" and
    run the risk of a downgrade attack until the very last host has upgraded
    to support PPK.
    
    Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
