[Cryptography] IKE/ISAKMP/IPsec complexity by design

jamesd at echeque.com jamesd at echeque.com
Wed Oct 3 18:29:49 EDT 2018

On 2018-10-04 06:57, Florian Weimer wrote:
> I have yet to see a large-scale IPsec deployment where users cannot
> attack each other by impersonating the gateway.
> Of course, that's not the fault of the IPsec protocol as standardized
> by the IETF because the IETF refused to cover that use case.

I would phrase it slightly differently:

The IETF refused to cover the connection between cryptographic public 
keys (Zooko global identifiers) and human readable names.

And as a result, there is no clear way for the end user to know if his 
software is using the correct cryptographic key.

More information about the cryptography mailing list