[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"interactive" freshness

To: ipsec@ans.net
Subject: "interactive" freshness
From: hugo@watson.ibm.com
Date: Tue, 28 Nov 95 15:07:33 EST

Ref:  Your note of Thu, 23 Nov 95 05:47:21 GMT (attached)

Bill,

 >
 > > Let's not miss this oportunity to take full advantage of Photuris being
 > > "bi-directional" by definition.
 > >
 > We didn't....  But glad you agree!
 >
 > Bill.Simpson@um.cc.umich.edu

If you believe that Photuris (through the implementation note of page 26 -
ver 08) is really taking advantage of the
interaction to generate a fresh, synchronized and authenticated key,
then I recommend that you highlight  the description of this "mode", e.g.,
through a special subsection rather than an "implementation note".
It should be presented as a feature of Photuris and even encourage people to
use it (in many cases it is much better than the change-message).

In my opinion this also requires more clarification.
For example, let's say that the parties find that the exchange values
are unchanged from the previous exchange.
What do they send as the Identification_Message?
WHat key do they use to authenticate that message (i.e., how do they compute
the verification field)?   Do they use the previously shared-secret for
that? If they use digital signatures, do you want them to freshly sign that
message (I guess not)?

I'll be glad if you can clarify this over this list and in the draft's text.

Hugo

Prev by Date: Re: WG Last Call for SKIP I-D
Next by Date: length of exponents
Prev by thread: "interactive" freshness
Next by thread: I-D ACTION:draft-ietf-ipsec-icmp-fail-00.txt
Index(es):
- Main
- Thread