> -Original Message-
> From: Valery Smyslov
> Sent: Thursday, November 01, 2018 7:14 AM
> To: Scott Fluhrer (sfluhrer) ; 'IPsecME WG'
>
> Cc: draft-tjhai-ipsecme-hybrid-qske-ik...@ietf.org
> Subject: RE: Some comments on draft-tjhai-ipsecme-hybrid-qske-ikev2-02
>
> Hi Scott,
>
> > > 1.
Hi all,
>
> That implementation is broken, and needs to be fixed.
What's the procedure on this? Is there a need to publish a document or
some test vectors that all implementations can validate against?
Personally, it is more logical to introduce new transform types for
QSKEs, but one of my
On 01/11/2018, 10:00, "CJ Tjhai" wrote:
Hi all,
>
> That implementation is broken, and needs to be fixed.
What's the procedure on this? Is there a need to publish a document or
some test vectors that all implementations can validate against?
Personally, it is more
Hi Scott,
> > 1. Nonces.
> >
> > The draft specifies that each additional key exchange performed
> > over IKE_AUX includes new nonces. My question - why nonces exchanged
> > during IKE_SA_INIT cannot be used instead? Is it critical for security?
>
> No, it is not. Instead, we were
Hi CJ,
> > That implementation is broken, and needs to be fixed.
>
> What's the procedure on this? Is there a need to publish a document or
> some test vectors that all implementations can validate against?
>
> Personally, it is more logical to introduce new transform types for
> QSKEs, but one