[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI: identity protection and DOS

To: Hugo Krawczyk <hugo@ee.technion.ac.il>
Subject: Re: SOI: identity protection and DOS
From: Derek Atkins <warlord@mit.edu>
Date: 27 Nov 2001 14:17:36 -0500
Cc: Sara Bitan <sarab@cs.Technion.AC.IL>, Michael Thomas <mat@cisco.com>, Henry Spencer <henry@spsystems.net>, ipsec list <ipsec@lists.tislabs.com>
In-Reply-To: Hugo Krawczyk's message of "Tue, 27 Nov 2001 19:14:54 +0200 (IST)"
References: <Pine.GSO.4.21.0111271033050.22826-100000@ee.technion.ac.il>
Sender: owner-ipsec@lists.tislabs.com

Hugo Krawczyk <hugo@ee.technion.ac.il> writes:

> And I certainly do not have to tell you that these second and third-party
> type models are in widespread use today. 
> They deserve a WELL-DESIGNED shared-key support in IKE.

This protocol already exists.  It is called "KINK".  Why don't
we focus SoI on Public-Key and Kink on Secret key techniques?
That way we don't wind up with such a generic panacea featuritis
protocol -- instead of we wind up with two simpler protocols
which can (hopefully) be verified independently.

> Hugo

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

References:

Re: SOI: identity protection and DOS

From: Hugo Krawczyk <hugo@ee.technion.ac.il>

Prev by Date: RE: ipsec/NAT query
Next by Date: Re: On shared keys
Prev by thread: Re: SOI: identity protection and DOS
Next by thread: Re: SOI: identity protection and DOS
Index(es):
- Main
- Thread