Jun Hu,

> another approach is like you mentioned, there is IPsec implementation
> could abort negotiation based on local policy config once learned peer’s
> IKEv2 ID

I'm a little concerned about leaning on this, as the attack might involve a peer other than the victim. Concretely, the attacker might be an initiator for which the responder allows weak KE. If the victim initiator also supports weak KE with the responder, then wouldn't the attack succeed?

Chris P.