Re: SOI: identity protection and DOS
Hugo Krawczyk writes:
> On 20 Nov 2001, Derek Atkins wrote:
> [...]
> >
> > I happen to agree with Radia's point that you should try to protect
> > the initiator's identity before the responder's identity (which
> > implies the responder should authenticate to the initiator first).
> > Yes, this implies an extra round trip, but if the initiator wants to
> > protect their identity they should have the choice to do so.
> >
>
> No, it does NOT imply an extra round trip. It is the other way around.
> Protecting the initiator from an active attacker takes just 3 messages.
> Protecting the responder takes 4.
> See the SIGMA draft
> (http://www.ee.technion.ac.il/~hugo/draft-krawczyk-ipsec-ike-sigma-00.txt)
If you allow for pre-shared keys, then it clearly
requires an extra message or two. Which is why we
should determine what the actual requirement is
re pre-shared keys. If it's a requirement, then
we need to confront the time/protection tradeoff.
If it's not a requirement, this mostly vanishes.
Mike
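To make the 3-versus-4-message point concrete, the following is a toy model of the two SIGMA variants, added here as an illustration; it is not code from the SIGMA draft or from anyone on this thread. It assumes the message layout of the draft (SIGMA-I: I sends g^x, R answers with g^y and its encrypted identity, signature and identity MAC, I then sends its own; SIGMA-R: R withholds its authenticator until message 4) and stands in for real primitives with toy ones: a 127-bit DH group, an HMAC keyed by a simulated credential table in place of public-key signatures, and XOR with a derived keystream in place of encryption. The party names alice, bob and eve are made up for the example. An active attacker who plays one role holds a DH exponent, so it can decrypt whatever identity the honest side sends before that side verifies the peer; the functions return which identities such an attacker sees.

```python
"""Toy model of SIGMA-I (3 messages) versus SIGMA-R (4 messages), showing which
identity an active attacker can extract from each. Illustrative only: the DH
group, the HMAC stand-in for signatures and the XOR encryption are not secure."""
import hashlib
import hmac
import secrets

P = 2**127 - 1          # toy prime (Mersenne), far too small for real use
G = 5

# Simulated credentials: SIG_X(m) = HMAC(k_X, m) and verifiers consult the same
# table. This captures only "nobody but X can produce SIG_X".
LONGTERM_KEYS = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
ATTACKER = "eve"        # no credential, so it can never produce a valid signature


def enc(n):
    return n.to_bytes(16, "big")


def sign(ident, msg):
    key = LONGTERM_KEYS.get(ident)
    if key is None:                      # an attacker can only emit junk
        return secrets.token_bytes(32)
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(ident, msg, sig):
    return ident in LONGTERM_KEYS and hmac.compare_digest(sign(ident, msg), sig)


def derive(shared):
    """Km (identity MAC key) and Ke (identity encryption key) from g^xy."""
    s = enc(shared)
    return (hmac.new(s, b"mac", hashlib.sha256).digest(),
            hmac.new(s, b"enc", hashlib.sha256).digest())


def seal(ke, ident):
    # Toy encryption: hides the identity from a passive observer, but anyone
    # holding a DH exponent (and hence Ke) can undo it.
    stream = hashlib.sha256(ke + b"stream").digest()
    return bytes(a ^ b for a, b in zip(ident.encode(), stream))


def unseal(ke, blob):
    stream = hashlib.sha256(ke + b"stream").digest()
    return bytes(a ^ b for a, b in zip(blob, stream)).decode("utf-8", "replace")


def authenticator(me, role, km, ke, gx, gy):
    """{ID, SIG(role, g^x, g^y), MAC_Km(ID)}_Ke as sent by a party in the given role."""
    data = role + enc(gx) + enc(gy)
    mac = hmac.new(km, me.encode(), hashlib.sha256).digest()
    return seal(ke, me), sign(me, data), mac


def check_authenticator(auth, role, km, ke, gx, gy):
    """Return the authenticated peer identity, or None if verification fails."""
    blob, sig, mac = auth
    ident = unseal(ke, blob)
    expected_mac = hmac.new(km, ident.encode(), hashlib.sha256).digest()
    ok = verify(ident, role + enc(gx) + enc(gy), sig) and hmac.compare_digest(mac, expected_mac)
    return ident if ok else None


def fresh_dh():
    x = secrets.randbelow(P - 2) + 1
    y = secrets.randbelow(P - 2) + 1
    gx, gy = pow(G, x, P), pow(G, y, P)
    km, ke = derive(pow(gy, x, P))       # g^xy, equally computable from gx and y
    return gx, gy, km, ke


def sigma_i(init, resp):
    """SIGMA-I, 3 messages: responder authenticates first, so ID_I is hidden from
    an active attacker. Returns (identities the attacker saw, run completed)."""
    gx, gy, km, ke = fresh_dh()
    seen = set()
    # 1. I -> R: g^x      2. R -> I: g^y, {ID_R, SIG_R, MAC_Km(ID_R)}_Ke
    auth_r = authenticator(resp, b"R", km, ke, gx, gy)
    if init == ATTACKER:
        seen.add(unseal(ke, auth_r[0]))  # attacker chose x, so it holds Ke
    if check_authenticator(auth_r, b"R", km, ke, gx, gy) is None:
        return seen, False               # honest initiator aborts before revealing ID_I
    # 3. I -> R: {ID_I, SIG_I, MAC_Km(ID_I)}_Ke
    auth_i = authenticator(init, b"I", km, ke, gx, gy)
    if resp == ATTACKER:
        seen.add(unseal(ke, auth_i[0]))
    return seen, check_authenticator(auth_i, b"I", km, ke, gx, gy) is not None


def sigma_r(init, resp):
    """SIGMA-R, 4 messages: initiator authenticates first, so ID_R is hidden from
    an active attacker. Same return value as sigma_i."""
    gx, gy, km, ke = fresh_dh()
    seen = set()
    # 1. I -> R: g^x      2. R -> I: g^y      3. I -> R: {ID_I, SIG_I, MAC_Km(ID_I)}_Ke
    auth_i = authenticator(init, b"I", km, ke, gx, gy)
    if resp == ATTACKER:
        seen.add(unseal(ke, auth_i[0]))  # attacker chose y, so it holds Ke
    if check_authenticator(auth_i, b"I", km, ke, gx, gy) is None:
        return seen, False               # honest responder aborts before revealing ID_R
    # 4. R -> I: {ID_R, SIG_R, MAC_Km(ID_R)}_Ke
    auth_r = authenticator(resp, b"R", km, ke, gx, gy)
    if init == ATTACKER:
        seen.add(unseal(ke, auth_r[0]))
    return seen, check_authenticator(auth_r, b"R", km, ke, gx, gy) is not None


if __name__ == "__main__":
    for name, run in (("SIGMA-I", sigma_i), ("SIGMA-R", sigma_r)):
        print(name, "attacker as initiator sees", run(ATTACKER, "bob")[0],
              "| attacker as responder sees", run("alice", ATTACKER)[0])
```

Running the honest case completes in either variant; running eve in each role shows that SIGMA-I exposes only the responder's identity to an active attacker and SIGMA-R only the initiator's, with SIGMA-R paying for that with the fourth message. If the signature in the authenticator were replaced by a MAC under a pre-shared key, the responder could not even build message 2 of SIGMA-I without first knowing which peer's key to use, which is the extra round trip the pre-shared-key question above turns on.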