Paul Wouters writes:
> On Thu, 19 Jul 2018, Tero Kivinen wrote:
>
> > Thanks for Brian Weis taking minutes from the IPsecME WG meeting. I
> > did some editing and posted them on the datatracker:
> > https://datatracker.ietf.org/meeting/102/materials/minutes-102-ipsecme-00
>
> ossible mis-use by DNS server -> possible mis-use by VPN server
>
> (added after meeting to clarify: It is assumed a CA/provisioning server
> is more secure then a VPN gateway)
Fixed and added.
> Regarding:
>
> Valery: I like it. You outlined that <missed it>. Is it neceesary for
> security?
>
> Scott: No, but I put it in there because <missed it>.
>
> I believe this was about sending KE payloads for each exchange? And
> Scott left it in because it kept the existing code/protocol intact?
Like this:
Valery: I like it. You outlined that sending KE payload for each
exchange. Is it neceesary for security?
Scott: No, but I put it in there because it kept the existing
code/protocol intact.
> Dan H: Are only NIST protocols two message protocols?
>
> That should be "Are all NIst protocols two message protocols?"
Fixed.
> Paul W: One one hand you're saying you don't have enough memory to do
> full DH, but you're doing it.
>
> My question was actually:
>
> Paul W: One one hand you're saying you don't have enough memory to do
> thousands of DH, but on the other hand you can store 1000 DH
> keys?
Or "On one hand ..."?
Paul W: On one hand you're saying you don't have enough memory to do
thousands of DH, but on the other hand you can store 1000 DH
keys?
--
[email protected]
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
