Hi everyone,
I'd like to start off by saying that I have read draft-fluhrer-qr-ikev2-04 and
I really like it, particularly the fact that it is a minor change, does not add
RTTs and keeps existing properties.
I have however come across two privacy attack vectors that IKEv2 is vulnerable
to,

On Fri, 11 Aug 2017, David Schinazi wrote:
1) Active man-in-the-middle attack against the initiator
An attacker that can intercept and spoof packets can complete the SA_INIT part
of the exchange with both sides and get the initiator to disclose its IDi (and
PPK_id). This allows an attacker to

Hi all,
In RFC 7321, we basically said that ESP is preferred over AH. However, that
recommendation is not in the current RFC7321bis.
Was that an accidental mistake or because people using AH wanted to remove that
recommendation?
Thank you,
Quynh.

Hi Dang,
My understanding is that the usage of AH vs ESP is outside the scope of
recommendations mandatory to implement cryptography. It is mostly a usage
concern. In my view AH and ESP are both mandatory to be implemented and
RFC7321bis limits its scope to the crypto recommendations.
Do you

On Fri, 11 Aug 2017, Dang, Quynh (Fed) wrote:
In RFC 7321, we basically said that ESP is preferred over AH. However, that
recommendation is not in the current RFC7321bis.
Was that an accidental mistake or because people using AH wanted to remove that
recommendation?
Daniel already

I think that would be a very useful document.
Quynh.
From: Paul Wouters
Sent: Friday, August 11, 2017 11:05:59 AM
To: Dang, Quynh (Fed)
Cc: ipsec@ietf.org
Subject: Re: [IPsec] Preference of ESP over AH in RFC7321bis question.
On Fri, 11 Aug