
Re: having and eating cake? aggressive mode with identity hiding




Yes, I think that one of the optimizations that
IKE could use is to take an optimistic approach on
many fronts. That is, expect that what you propose
will work (i.e. group 2) but allow the ability to
reject that proposal if it's not acceptable. In
the vast majority of cases -- assuming some
stability in ciphersuites, which seems reasonable
at this point -- the average case will complete
much quicker. The same can be done for DoS
protection: if you're not under attack, sending
the initiator off to do a return-routability test
is fairly useless, and counterproductive. The
protocol needs to be able to support that test so
that the recipient can defend himself if need be,
but that should be the exceptional case.

Given these two things, and then the ability to
squish a quick mode exchange into the final cert
exchange (using an optimistic approach too), we
should be able to get the average initial
main/quick mode exchange to complete in 4 or 5
messages rather than 8 or 9.

		Mike

Radia Perlman - Boston Center for Networking writes:
 > Re: Sheila Frankel's pointing out the loss of ability to negotiate the D-H 
 > group.
 > 
 > Is it that important to negotiate it rather than having Alice choose?
 > If so, how many groups might Alice be willing to propose? If it's
 > only a handful, then it wouldn't be tragic in the rare case where her choice
 > was unacceptable to Bob for Bob to reply with "unacceptable D-H choice"
 > and Alice to cycle through her choices. Or have Bob reply with his list of
 > acceptable choices.
 > 
 > Radia
 > 
 > 
 > 
 > 	From: Sheila Frankel <sheila.frankel@nist.gov>
 > 
 > 	There is one problem that arises from adopting aggressive mode as the
 > 	single IKE variant. Since "g^a mod p" is sent in message 1, we lose the
 > 	capability to negotiate the Diffie-Hellman group.
 > 	
 > 	Sheila Frankel
 > 	NIST
 > 

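The optimistic group proposal with a reject-and-retry fallback that Radia and Mike describe, as an added Python simulation that is not code from this thread or from any IKE implementation; the tiny toy groups, the NOTIFY message shape, Bob's policy list and the two-messages-per-round count are all assumptions made for the example.

```python
import secrets

# Constructed toy Diffie-Hellman groups for illustration only: tiny primes,
# NOT the real IKE MODP groups (IKE group 2 is a 1024-bit prime).
GROUPS = {1: (23, 5), 2: (47, 5), 5: (59, 2)}  # hypothetical id -> (p, g)


class Responder:
    """Bob: holds a fixed list of acceptable groups (an assumed local policy)."""

    def __init__(self, acceptable):
        self.acceptable = list(acceptable)
        self.secret = None

    def handle(self, msg):
        gid = msg["group"]
        if gid not in self.acceptable:
            # Reject the optimistic proposal and tell Alice what we would
            # accept (Radia's second option), so she does not have to probe
            # one group at a time.
            return {"type": "NOTIFY", "reason": "unacceptable D-H choice",
                    "acceptable": self.acceptable}
        p, g = GROUPS[gid]
        b = secrets.randbelow(p - 2) + 1
        self.secret = pow(msg["ke"], b, p)             # (g^a)^b mod p
        return {"type": "KE", "group": gid, "ke": pow(g, b, p)}


def optimistic_exchange(initiator_prefs, responder):
    """Alice sends g^a mod p for her favourite group in message 1 and falls
    back only on rejection. Returns (group_used, secrets_agree, messages)."""
    candidates = list(initiator_prefs)
    messages = 0
    while candidates:
        gid = candidates.pop(0)
        p, g = GROUPS[gid]
        a = secrets.randbelow(p - 2) + 1
        reply = responder.handle({"type": "KE", "group": gid, "ke": pow(g, a, p)})
        messages += 2                                  # one message each way
        if reply["type"] == "KE":
            agree = pow(reply["ke"], a, p) == responder.secret
            return gid, agree, messages
        # Narrow the remaining candidates to what Bob said he accepts,
        # keeping Alice's own preference order.
        candidates = [c for c in candidates if c in reply["acceptable"]]
    return None, False, messages
```

When Bob accepts Alice's first choice the key exchange finishes in two messages; a rejection costs one extra round trip, and a policy with no common group fails after the first reply instead of looping.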
