Tero Kivinen <kivi...@iki.fi> wrote:
    > IKE_SA_INIT privacy concerns - David Schinazi

    > Concerns around privacy of the peers (who the initiator is, and if the
    > responder is running IKE)

I think that we had some consensus that we should split the document into two
problem statements.  Protecting the initiator identity against MITM attackers
can be solved a whole bunch of ways.  A zero-knowledge proof would seem to
be a better way to start to me.

The problem of making the IKE responders stealthed seems like a different
problem entirely.

    > Proposal is to add a shared secret and a PRF. These are added as an


    > Michael Richardson: Smells like IKEv1 PSK with XAUTH. Unhappy about
    > that. Seems that you're able to provision PSKs to the clients. I would
    > prefer to provision a raw public key than a PSK.
    > In the case of a TLS connection, you already have a public key the
    > server can sign with. I don't want more PSKs, let's do public key
    > instead.

I just want to repeat this.

Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

Attachment: signature.asc
Description: PGP signature

IPsec mailing list

Reply via email to