In-Reply-To: <4.3.2.7.2.20030423203906.06148110@ca-uk-fs.cisco.com> A friend of mine from Checkpoint has told me that this is not totally correct and due to many political issues within the different IETF task forces CheckPoint's Hybrid mode was never made into an RFC. See: http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-ipsec-isakmp-hybrid- auth-02.txt for more details. -Hank >Weak authentication in Xauth and IKE). The IPSec Working Group has=20 >understood and acknowledged this attack avenue, but has deemed that=20 >this is an acceptable risk. > Gaus
