Photuris // entities
I'm still confused about how the entities communicated are to be identified.
Here is a specific concern, using the terminology of version 5 of the
Photuris draft:
When the Initiator initiates a connection, all he specifies
regarding the identity of the desired responder is the IP
address of the node he sends his Cookie_Request to.
However, later on, he may receive an Identification_Message
from the (purported) responder that has an Identification field
that is, in the current draft, unconstrained.
*** When is the Responder's Identification field (un)acceptable? ***
For example, is an Identification from a specific user
at the responder's site unacceptable? (I should think so, since
the Initiator didn't -- and couldn't -- have requested communication
with that specific user in his initial Cookie_Request or
Exchange_Request.)
I think that the protocol definition should define
all possible error conditions, and specify what the appropriate
actions are for the detector of the error.
In this case, I think that the Photuris protocol is either "buggy"
or "contains a gap in its specification".
It is "buggy" if the Initiator is supposed to accept ANY
correct Identification and Verification information from the
Responder. At the minimum, one would hope that there be a
constraint that the identification specify either the node with
the original IP address requested or a user at that node.
It "contains a gap in its specification" if there is more than
one Identification that is permissible for the Responder to send,
but the Initiator may reasonably prefer one instead of the others.
The gap is that the Initiator should be allowed to specify in his
original request (the Exchange_Request, I suppose, or else the
Cookie_Request) the identity or identities of the parties with
whom he wishes to set up a Security Association.
Ron Rivest
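The acceptance rule argued for above, written out as a small Initiator-side check. This is an added illustration, not part of Rivest's message or of the Photuris draft; the Identification is modelled as "node, optionally a user at that node", an assumed shape since the page gives no field encoding, and the optional `wanted` set stands for the identities the post proposes the Initiator be allowed to name in its original request.

```python
from dataclasses import dataclass
from typing import Optional, Set

# Identification modelled as "node, optionally a user at that node".  This is
# an assumed shape for illustration; the draft's real encoding is not on the page.
@dataclass(frozen=True)
class Identification:
    node: str                    # IP address of the identified node
    user: Optional[str] = None   # a user at that node, or None for the node itself


class Initiator:
    """Initiator-side state across Cookie_Request -> Identification_Message."""

    def __init__(self, responder_ip: str, wanted: Optional[Set[Identification]] = None):
        # Remember the node the Cookie_Request was sent to; this is the only
        # identity information the Initiator has supplied so far.
        self.requested_node = responder_ip
        # Identities named up front in the Exchange_Request (hypothetical field,
        # the post's proposed fix for the specification gap); None = not used.
        self.wanted = wanted

    def permissive_accept(self, ident: Identification) -> bool:
        """Behaviour the post calls 'buggy': any correct Identification passes,
        even one naming a node the Initiator never contacted."""
        return True

    def constrained_accept(self, ident: Identification) -> bool:
        """Minimum constraint from the post: the identity must be the node the
        Cookie_Request went to, or a user at that node.  If the Initiator named
        acceptable identities up front, only those pass."""
        if ident.node != self.requested_node:
            return False
        if self.wanted is not None:
            return ident in self.wanted
        return True


if __name__ == "__main__":
    # Constructed sample: Cookie_Request to 192.0.2.10, then three candidate
    # Identification_Messages arrive from the purported Responder.
    init = Initiator("192.0.2.10")
    for ident in (Identification("192.0.2.10"),
                  Identification("192.0.2.10", "alice"),
                  Identification("192.0.2.99", "alice")):
        print(ident, init.permissive_accept(ident), init.constrained_accept(ident))
```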