On 22 May 2013 19:57, Aaron Stellman wrote:
> On Mon, May 20, 2013 at 08:24:06PM +0100, Stuart Henderson wrote:
>> If you make it a couple of paragraphs past the table, there is this
>> paragraph, which is rather clear:
>>
>> Using AES-GMAC or NULL with ESP will only provide authentication.
On Mon, May 20, 2013 at 08:24:06PM +0100, Stuart Henderson wrote:
> If you make it a couple of paragraphs past the table, there is this
> paragraph, which is rather clear:
>
> Using AES-GMAC or NULL with ESP will only provide authentication. This
> is useful in setups where AH can not b
On 2013/05/20 10:56, Aaron Stellman wrote:
> On Sat, May 18, 2013 at 04:30:43AM +0200, Reyk Floeter wrote:
> > You're mixing up GCM and GMAC. You have to update your config to use
> > aes-256-gcm instead of aes-256-gmac! The GMAC is actually only the
> > authentication part and it is not encrypti
On Sat, May 18, 2013 at 04:30:43AM +0200, Reyk Floeter wrote:
> You're mixing up GCM and GMAC. You have to update your config to use
> aes-256-gcm instead of aes-256-gmac! The GMAC is actually only the
> authentication part and it is not encrypting the payload. You can
> see it as "childsa enc n
Hi,
On Fri, May 17, 2013 at 12:55:15PM -0700, Aaron Stellman wrote:
> Before I proceed, I realize that iked is not yet finished and is missing
> some important security features. I am just pointing out something that
> may not be known, and perhaps should be addressed.
>
...
> ikev2 esp from 10.9
Before I proceed, I realize that iked is not yet finished and is missing
some important security features. I am just pointing out something that
may not be known, and perhaps should be addressed.
I have a very simple instance of 2 qemu machines, running same snapshot
of 5.3-current:
OpenBSD openbs
