
Re: user to user keying in Photuris



> From: Oliver Spatscheck <spatsch@cs.arizona.edu>
> There should be a way to determine both users on the responder
> side during the key exchange. Only then is it possible
> to establish user to user keying with one key exchange.
>
> This can easily be accomplished by defining a new Identity-Choice
> which contains the identity of both users in the Identification
> field.
>
I like this, it is very elegant.


> Another approach would be to add a second identification field
> to the identification message.
>
I think this is overkill, by adding a field for all messages which would
only rarely be used.  And it complicates the protocol.

Bill Sommerfeld suggested using the currently MBZ Responder Cookie in
the Cookie_Request, to contain the Initiator Cookie from a previous
Photuris Exchange.  This is exceedingly clever!

Bill also had some ideas on how to specify particular application
processes.  This is emphatically outside the scope of the Photuris base
protocol.  I had asked Bill over a month ago to write up the process
oriented keying as a separate draft.  I recommend that he join with
Oliver as authors to include both ideas.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2