[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKEv2 and SIGMA
>>>>> "Hugo" == Hugo Krawczyk <hugo@ee.technion.ac.il> writes:
Hugo> ...
Hugo> As I said in my note, I believe (and hope that you agree) that
Hugo> A TRULY SOUND KEY EXCHANGE PROTOCOL SHOULD NOT RELY ON EXTERNAL
Hugo> MECHANISMS TO PROVIDE ITS MOST ESSENTIAL SECURITY PROPERTIES
Hugo> In particular, the protocol MUST DEFINE ITS OWN AUTHENTICATION
Hugo> MECHANISMS.
I completely agree.
Hugo> By using ESP for the AUTHENTICITY of the protocol you are
Hugo> violating this principle.
One good reason for insisting on this is that the ESP draft continues
to permit -- and even encourage -- the known-insecure
confidentiality-only mode. It's a good thing to see it change from
"MUST" to "SHOULD" on that topic, but the right change is to "SHOULD
NOT" and to mark that "feature" historic and deprecated.
paul
Follow-Ups:
References: