Yes, you can sort-of negotiate DH groups, but you don't have the New Group
Mode that we had in section 5.6 or RFC 2409.
So with RFC 4306, you're stuck with only those groups that appear in the IANA
registry, rather than your own pet DH groups.
On Mar 2, 2010, at 10:49 PM, Yaron Sheffer wrote:
Yoav Nir writes:
Yes, you can sort-of negotiate DH groups, but you don't have the
New Group Mode that we had in section 5.6 or RFC 2409.
Yes, that was left out but as it was seen that nobody will accept new
group proposed from unknown party without checking it first, and
checking that the
On 3/3/10 6:25 AM, Blumenthal, Uri - 0662 - MITLL u...@ll.mit.edu wrote:
You're good! :-)
On the vendor side - perhaps EKE patent concern was the cause (you
implement/sell free SRP and get slapped with EKE licensing)? And the users
found alternative solutions in the meanwhile?
No, I can
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the IP Security Maintenance and Extensions
Working Group of the IETF.
Title : Using Advanced Encryption Standard (AES) Counter Mode
with IKEv2
Author(s) :
Paragraph 5 of section #2:
MUST accept any length that results in proper alignment. It should
be noticed that the ESP [RFC4303] Encrypted Payload requires
Please change noticed to noted.
Other than that, the document looks good enough for implementation.
-Original Message-
From:
Hi Sean,
Section 5. IANA Considerations can be reworded in-line with ikev2bis.
5. IANA Considerations
IANA has already registered the type and value for AES-CTR.
Name Number Defined In
ENCR_AES_CTR 13 (RFC3686