On Thu, 19 Jul 2018, Tero Kivinen wrote:
Thanks for Brian Weis taking minutes from the IPsecME WG meeting. I
did some editing and posted them on the datatracker:
https://datatracker.ietf.org/meeting/102/materials/minutes-102-ipsecme-00
possible mis-use by DNS server -> possible mis-use by VPN server
(added after meeting to clarify: It is assumed a CA/provisioning server
is more secure than a VPN gateway)
Regarding:
Valery: I like it. You outlined that <missed it>. Is it necessary for
security?
Scott: No, but I put it in there because <missed it>.
I believe this was about sending KE payloads for each exchange? And
Scott left it in because it kept the existing code/protocol intact?
Dan H: Are only NIST protocols two message protocols?
That should be "Are all NIST protocols two message protocols?"
Paul W: On one hand you're saying you don't have enough memory to do
full DH, but you're doing it.
My question was actually:
Paul W: On one hand you're saying you don't have enough memory to do
thousands of DH, but on the other hand you can store 1000 DH
keys?