>> >> I could see that if the *only* channel he has for data is encrypted >> then it would make sense to also send the timing encrypted. >> However it is not clear that this is the only channel available >> since there usually needs to be one in the clear to run the >> key exchange. [Dacheng Zhang] Do you mean there should be a IPsec AH channel or ESP Null channel for key exchange? As far as I know, IKEv2 and IKE can secure themselves and don't need an additional security channel to exchange keys.
_______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc
