On 08/03/2012 11:08, Dacheng Zhang(Dacheng) wrote: >>> I could see that if the *only* channel he has for data is encrypted >>> then it would make sense to also send the timing encrypted. >>> However it is not clear that this is the only channel available >>> since there usually needs to be one in the clear to run the >>> key exchange. > [Dacheng Zhang] Do you mean there should be a IPsec AH channel or ESP Null > channel for key exchange? > As far as I know, IKEv2 and IKE can secure themselves and don't need an > additional security channel to exchange keys. > > My point is that unless there is something unusual about your system the two ends can exchange IP packets any time they wish and use of the secure channel is always optional.
Stewart _______________________________________________ TICTOC mailing list [email protected] https://www.ietf.org/mailman/listinfo/tictoc
