Hi, > > > The NULL authentication (RFC7619) is logically incompatible with this > > > (it being opportunistic and this requiring configuration), so I think > > > we can say this will not be used with it. Or we can just say that can > > > be used, and SK_pi are used as specified here and in the RFC7619... > > > > I would just say don't use both :) > > Good. I was scared you might say, that of course we need to be able to > use NULL authentication with quantum protection...
If both peers use NULL authentication, then there is no sense to use PPK, since it is assumed that there is no trusted relationship between them (and thus they don't share PPK). However, if NULL authentication is used by only one peer (e.g. to keep his/her anonymity), then the PPK can be used by the other side. Regards, Valery. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
