[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Secure legacy authentication for IKEv2
At 2:06 PM -0500 12/19/02, David Jablon wrote:
>Perhaps "extensibility" should include the ability to take advantage
>of keys generated by methods that use legacy credentials.
>I've heard this referred (somewhat redundantly) as "future extensibility"
>in other protocols.
>
>Although I didn't see this capability in the SLA draft, could it be added?
>
>-- David
>
Use of keys on what way? IKE v2 has introduced a clean separation of
key material generation via DH exchange from authentication
processes. I don't see how a legacy authentication system would
contribute keys for IPsec, and I would rather not see it enter into
the key generation process now that we have a clean separation.
Steve