Valery Smyslov <[email protected]> wrote: > So, this is not an attack against IKEv2 per se. Without running IKEv1 > code with enabled (R)PKE the attack is impossible. So in my opinion > the authors are not accurate claiming that this is attack against IKEv2
Agreed. They use IKEv1 RPKE to generate signatures, and then use them. We use the same keys for IKEv1 and IKEv2 because we want to transition to IKEv2 in as seamless a way as possible. Clearly, we could recommend replacing keys when a node has only IKEv2 neighbours, but at that point, we can turn off IKEv1 anyway, and the attack isn't possible anymore. -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
