Is it worth mentioning "here it is, we're not discussing it due to concerns about security problems"? I'm concerned about not addressing it at all; I don't want to leave an open door for an update to miss ;-) Joe Sam Hartman wrote: >>>>>> "Joe" == Joe Touch <touch at ISI.EDU> writes: > > Joe> Should it be included as a variant for completeness, but the > Joe> lack of currently known utility / motivation noted? > > No, because I think it has security problems and I don't want to spend > the effort doing analysis unless we have a justification for that > work. > > > > Let me make sure I understand what you mean though. You consider this > the case where one side verifies the channel binding but the other > side does not, not the case where you use channel bindings but one > side has full IKE, right?
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.