
Re: SOI: identity protection and DOS



Hugo Krawczyk writes:
 > On 20 Nov 2001, Derek Atkins wrote:
 > [...]
 > > 
 > > I happen to agree with Radia's point that you should try to protect
 > > the initiator's identity before the responder's identity (which
 > > implies the responder should authenticate to the initiator first).
 > > Yes, this implies an extra round trip, but if the initiator wants to
 > > protect their identity they should have the choice to do so.
 > > 
 > 
 > No, it does NOT imply an extra round trip. It is the other way around.  
 > Protecting the initiator from an active attacker takes just 3 messages.
 > Protecting the responder takes 4.
 > See the SIGMA draft
 > (http://www.ee.technion.ac.il/~hugo/draft-krawczyk-ipsec-ike-sigma-00.txt)

   If you allow for pre-shared keys, then it clearly 
   requires an extra message or two. Which is why we
   should determine what the actual requirement is
   re pre-shared keys. If it's a requirement, then
   we need to confront the time/protection tradeoff.
   If it's not a requirement, this mostly vanishes.

	   Mike
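As an added illustration, not part of the original thread or of the SIGMA draft, here are the two flows Hugo refers to, modelled in Python: SIGMA-I sends the responder's identity in message 2 and the initiator's in message 3 (three messages, initiator protected against an active attacker, responder not); SIGMA-R holds the responder's identity back until message 4 (four messages, responder protected). Everything cryptographic here is a stand-in: the DH group is a toy Mersenne prime rather than an IKE group, HMAC under a long-term key stands in for the signature (the verifier is assumed to hold the matching key), and the encryption under Ke that hides the identity payloads from passive eavesdroppers is omitted. What the model tracks is the thing at issue in the thread: how many messages each variant needs and whether a party had already authenticated its peer at the moment it sent its own identity.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group for illustration only (a Mersenne prime, not a real IKE group).
P = 2**127 - 1
G = 2


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def i2b(n: int) -> bytes:
    # Fixed 16-byte encoding: every group element is below 2**127.
    return n.to_bytes(16, "big")


class Party:
    """One SIGMA endpoint. `sig_key` is a long-term secret; HMAC under it stands in
    for a digital signature, and the peer is assumed to hold the matching key."""

    def __init__(self, name: str, sig_key: bytes):
        self.name = name
        self.sig_key = sig_key
        self.x = secrets.randbelow(P - 2) + 1   # ephemeral DH exponent
        self.gx = pow(G, self.x, P)             # g^x (or g^y for the responder)
        self.km = None                          # MAC key derived from g^xy
        self.peer_authenticated = False

    def derive(self, peer_gx: int) -> None:
        shared = pow(peer_gx, self.x, P)
        self.km = prf(b"sigma-toy-Km", i2b(shared))

    def auth_payload(self, first: int, second: int) -> dict:
        """{ID, SIG(first, second), MAC_Km(ID)}; SIGMA also encrypts this under Ke (omitted here)."""
        return {"id": self.name,
                "sig": prf(self.sig_key, i2b(first) + i2b(second)),
                "mac": prf(self.km, self.name.encode())}

    def verify(self, payload: dict, peer_sig_key: bytes, first: int, second: int) -> bool:
        ok_sig = hmac.compare_digest(payload["sig"], prf(peer_sig_key, i2b(first) + i2b(second)))
        ok_mac = hmac.compare_digest(payload["mac"], prf(self.km, payload["id"].encode()))
        self.peer_authenticated = ok_sig and ok_mac
        return self.peer_authenticated


def run(variant: str, a: Party, b: Party) -> dict:
    """Run SIGMA-I or SIGMA-R between initiator `a` and responder `b` (fresh parties).
    Returns the message count and, per party, the message number in which it sent
    its identity and whether it had already authenticated its peer at that point."""
    revealed = {}  # name -> (message number, peer already authenticated?)

    def identify(n: int, sender: Party, receiver: Party) -> None:
        # The responder signs (g^x, g^y); the initiator signs (g^y, g^x), as in SIGMA.
        order = (a.gx, b.gx) if sender is b else (b.gx, a.gx)
        revealed[sender.name] = (n, sender.peer_authenticated)
        if not receiver.verify(sender.auth_payload(*order), sender.sig_key, *order):
            raise RuntimeError(f"message {n}: authentication of {sender.name} failed")

    # Message 1 (I -> R: g^x) and message 2 (R -> I: g^y) carry the DH values in both variants.
    a.derive(b.gx)
    b.derive(a.gx)
    if variant == "SIGMA-I":
        identify(2, b, a)   # responder's identity rides along with g^y, before anyone is authenticated
        identify(3, a, b)   # initiator identifies only after verifying the responder
        messages = 3
    elif variant == "SIGMA-R":
        identify(3, a, b)   # initiator identifies first, to an as-yet unauthenticated responder
        identify(4, b, a)   # responder identifies only after verifying the initiator
        messages = 4
    else:
        raise ValueError(variant)

    return {
        "messages": messages,
        "initiator_id_in_msg": revealed[a.name][0],
        "initiator_peer_authed_first": revealed[a.name][1],
        "responder_id_in_msg": revealed[b.name][0],
        "responder_peer_authed_first": revealed[b.name][1],
    }


if __name__ == "__main__":
    for variant in ("SIGMA-I", "SIGMA-R"):
        print(variant, run(variant, Party("alice", b"alice-key"), Party("bob", b"bob-key")))
```

The two summaries make Hugo's point concrete: in the three-message flow the initiator only identifies after the responder has authenticated, so an active attacker who injects g^x learns the responder's identity but never the initiator's; making the responder wait for the initiator's authentication is what costs the fourth message.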

