[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simplifying rekeying [draft-jenkins-ipsec-rekeying-06.txt]



  We? Are you a doctor?

  You can infer any meaning you want and have it impact your implementation
but then don't say that if I don't agree with your implementation that
I am somehow non-compliant:

On Wed, 12 Jul 2000 19:09:17 "D. Hugh Redelmeier" <hugh@mimosa.com> wrote:

 "We infer from some comments that some implementations do not enforce the
  requirement that Message IDs be unique.  Although this isn't RFC
  compliant, the suggestion is that the RFCs be changed!"

Your (plural) inference is correct but that does not mean that I'm not
RFC compliant!

What is the security hole? How can a replayed Quick Mode packet induce
either party to accept forged packets?

  Dan.

On Thu, 13 Jul 2000 17:33:33 EDT you wrote
> On Wed, 12 Jul 2000, Dan Harkins wrote:
> >   For all the complaints about poor definition of terms (e.g. "system")
> > it seems surprising that a private definition of "unique" would guide
> > an objection to advancement of this draft.
> 
> "Unique" is a word readily found in dictionaries; our definition is the
> standard one.  Although there is a vague implication in the RFC that the
> uniqueness is intended to be only within the space of simultaneous
> negotiations, neither this nor any other restriction on the scope of
> uniqueness is actually stated.  We do not feel it is unreasonable to
> interpret this as meaning that message IDs are supposed to be *unique*,
> in the strict dictionary sense of the word (within the obvious sanity
> constraint that different hosts cannot plausibly be prevented from
> choosing the same message ID).
> 
>                                                           Henry Spencer
>                                                        henry@spsystems.net
> 


Follow-Ups: References: