Thread-Topic: Secure legacy authentication for IKEv2
Isn't the current version of SLA vulnerable to the same attack? I don't see anywhere in the spec where a "binding" is carried out. In fact, this would not be possible with the methods you're supporting, because none of them generate keys.