
RE: XAUTH is broken



On 23 Jul 99 at 10:40, Joern Sierwald wrote:

> At 15:53 22.7.1999 -0400, you wrote:
> 
> >This is a rather unfair and unreasonable accusation. 
> Yes it is. It was meant to be a bit teasing, but it looks just mean
> if I read it today. Sorry.
> 
> >If it turns
> >out that the best solution is to use a new exchange type, we would
> >still have to change our code, and it is also one of the suggestions
> >that I already said I prefer.
> >
> OK, let's go this way. I would like to suggest that we define _two_
> new exchanges, one for 4 packets and one for 6 packets.

Number of packets depends on type of authentication. Who can 
guarantee that tomorrow another type of authentication will require, 
say, 8 packets? Shall we define a new exchange again then? And so on? 
Wouldn't it be better to define XAUTH exchange as open ended?

BTW, question to Tim Jenkins. Attribute payload contains "Identifier" 
field. Why not use it (by requiring it to be the same in all 
attribute payloads during one XAUTH exchange) for state tracking and 
let M-ID be different (e.g. perform XAUTH as series of ordinary 
ISAKMP-CFG)?

> Jörn

Regards,
Valery.

