<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=481193815-15092006><FONT face=Arial size=2>I changed my testing
server back to 'my_identifier asn1dn' and [re]connected with the
mutual-psk-xauth config and it connected. Does this make sense? How
could the client auth the server? The server seems to go through the
motions of doing RSA steps (still not an expert on reading racoon's -ddd output)
even though the phase 1 proposal is matched for PSK. Is this intentional
or a bug?</FONT></SPAN></DIV>
<DIV><SPAN class=481193815-15092006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=481193815-15092006><FONT face=Arial size=2>It would seem to me
that the client should make some effort to auth the server given the policy.
Oddly, I like the behavior, but it doesn't seem to make any sense or could be
seen to be a security hole.</FONT></SPAN></DIV>
<DIV><SPAN class=481193815-15092006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=481193815-15092006><FONT face=Arial
size=2>Bewildered,</FONT></SPAN></DIV>
<DIV><SPAN class=481193815-15092006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=481193815-15092006><FONT face=Arial
size=2>peter</FONT></SPAN></DIV></BODY></HTML>