Wang Guilin <[email protected]> wrote:
    > Could you please elaborate why using "NONE" as the first KE is Evil?

It would be setting up an IKEv2 SA which would be trivially interceptable,
and they could do fragment/IKE_INTERMEDIATE attacks on the server.
(It also feels like a repeat of IKEv1, group PSK, which ...)


--
Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-                      *I*LIKE*TRAINS*




_______________________________________________
IPsec mailing list -- [email protected]
To unsubscribe send an email to [email protected]
