On Thu, 30 Nov 2017, Valery Smyslov wrote:
> > Doesn't ID_KEY_ID unambiguously determine the FQDN?
>
> Yes, but indirectly and inconveniently.
>
> Moreover, while ID_KEY_ID is often opaque data, an FQDN reveals the perceived responder identity to an active attacker, so there are some privacy concerns...
Any internet-wide opportunistic method depends on some public method to find public keys, so that information, FQDN or opaque, is available to the attacker anyway. However, come to think of it, the IDr payload could help David for his hidden-in-TLS feature so it would not depend on PPK.

Paul

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
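As an added illustration of the payload the thread is arguing about (this is example code written for this page, not code from any of the participants or from an IKE implementation), here is the IKEv2 Identification payload from RFC 7296 section 3.5 encoded and decoded for both ID types. The layout and type numbers are from the RFC; the identities below are constructed. The last function shows the difference Valery raises: a party that can read the IDr payload gets a readable name out of an ID_FQDN, and only opaque octets out of an ID_KEY_ID.

```python
"""IKEv2 Identification payload (IDi/IDr), RFC 7296 section 3.5.

Example code added to this page; not from the thread participants.
Payload layout and ID Type values are from the RFC, sample identities
are constructed for illustration.
"""
import struct
from typing import Optional

# ID Type values registered in RFC 7296 section 3.5.
ID_IPV4_ADDR = 1
ID_FQDN = 2
ID_RFC822_ADDR = 3
ID_IPV6_ADDR = 5
ID_DER_ASN1_DN = 9
ID_DER_ASN1_GN = 10
ID_KEY_ID = 11

ID_TYPE_NAMES = {
    ID_IPV4_ADDR: "ID_IPV4_ADDR",
    ID_FQDN: "ID_FQDN",
    ID_RFC822_ADDR: "ID_RFC822_ADDR",
    ID_IPV6_ADDR: "ID_IPV6_ADDR",
    ID_DER_ASN1_DN: "ID_DER_ASN1_DN",
    ID_DER_ASN1_GN: "ID_DER_ASN1_GN",
    ID_KEY_ID: "ID_KEY_ID",
}


def encode_id_payload(id_type: int, id_data: bytes, next_payload: int = 0) -> bytes:
    """Build one Identification payload.

    Layout: generic payload header (Next Payload, C|Reserved, Payload Length)
    followed by ID Type (1 byte), 3 reserved bytes and the Identification Data.
    Payload Length covers the header, so it is 8 + len(id_data).
    """
    if not 0 <= id_type <= 0xFF:
        raise ValueError("ID Type must fit in one octet")
    body = struct.pack("!B3x", id_type) + id_data
    length = 4 + len(body)
    if length > 0xFFFF:
        raise ValueError("Identification Data too long for a 16-bit length")
    # Critical bit is 0: IDi/IDr are payloads every IKEv2 peer understands.
    return struct.pack("!BBH", next_payload, 0, length) + body


def decode_id_payload(raw: bytes) -> dict:
    """Parse an Identification payload, rejecting truncated or mis-sized input."""
    if len(raw) < 8:
        raise ValueError("truncated Identification payload")
    next_payload, flags, length = struct.unpack("!BBH", raw[:4])
    if length < 8 or length > len(raw):
        raise ValueError("Payload Length inconsistent with buffer")
    id_type = raw[4]
    return {
        "next_payload": next_payload,
        "critical": bool(flags & 0x80),
        "id_type": id_type,
        "id_type_name": ID_TYPE_NAMES.get(id_type, "unassigned/unknown"),
        "id_data": bytes(raw[8:length]),
    }


def identity_visible_to_observer(raw: bytes) -> Optional[str]:
    """What a party able to read the payload learns about who the peer is.

    ID_FQDN and ID_RFC822_ADDR carry a human-readable name. ID_KEY_ID carries
    octets that are opaque to anyone who did not assign them, so nothing
    name-like can be recovered from the payload alone.
    """
    payload = decode_id_payload(raw)
    if payload["id_type"] in (ID_FQDN, ID_RFC822_ADDR):
        return payload["id_data"].decode("ascii")
    return None


if __name__ == "__main__":
    # Constructed sample identities for the two payload types under discussion.
    idr_fqdn = encode_id_payload(ID_FQDN, b"vpn.example.com")
    idr_keyid = encode_id_payload(ID_KEY_ID, bytes.fromhex("9f1c0a77e3b2d4c1"))
    for name, raw in (("ID_FQDN", idr_fqdn), ("ID_KEY_ID", idr_keyid)):
        print(name, raw.hex(), "->", identity_visible_to_observer(raw))
```

Run as a script to see both encodings side by side: the FQDN variant yields the host name in the clear, the KEY_ID variant yields only the hex octets. Nothing here prevents an on-path party from reading the payload; that depends on where in the exchange it is sent, which is the point of the discussion above.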
