
RE: discussion of SIGMA-IKE



Hugo and myself both missed the deadline, largely because JFK itself only
came out just before the deadline.

XKASS was published long before JFK was released however and is still
available on www.xmltrustcenter.org. The only thing that has not been
available is the same document in plaintext form rather than pdf.

I don't think anyone is suggesting that we should only discuss JFK because
it is the only draft submitted to the working group before the cutoff for a
single IETF meeting. Clearly we want the discussion at Salt Lake City to be
as productive as possible and that is best achieved by discussing all the
possible options.

The key issues for me are

1) The extent to which JFK and SIGMA achieve identity concealment that is
useful in a realistic application.
2) The extent to which identity concealment matters.

If the group agrees with my position on either of these points then the
reconfiguration of JFK so that it becomes a 2+4 message protocol becomes a
no-brainer. In the process JFK becomes practically identical to XKASS.

I take great issue with the attempt to claim SIGMA is three message. In
order to achieve all you need to achieve you require a fourth message. As
presently specified the initiator never knows:

	1) IF the agreement completed
	2) WHEN the agreement completed.

So the initiator has to guess when to start sending packets authenticated
using the key, it is a mess, it is unworkable, SIGMA is BROKEN (from a
protocol design point of view, not cryptographic) without a fourth message -
so might as well make good use of it.

The comparison between JFK/XKASS and SIGMA then becomes 2/4 vs 4/6. 


		Phill


Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


> -----Original Message-----
> From: Eric Rescorla [mailto:ekr@rtfm.com]
> Sent: Wednesday, December 05, 2001 9:30 PM
> To: Jan Vilhuber
> Cc: ipsec@lists.tislabs.com
> Subject: Re: discussion of SIGMA-IKE
> 
> 
> Jan Vilhuber <vilhuber@cisco.com> writes:
> > I don't want this to sound the wrong way (but I'm sure it will), but I don't
> > think it's appropriate for this list to be discussing SIGMA-IKE, because it's
> > not an official draft yet.
> This doesn't concern me overly. Based on the date on the draft, 
> I assume that Hugo just missed the I-D deadline. It's not like that's
> never happened to anyone else :)
> 
> > I say this because I've had several people already ask me what this SIGMA-IKE
> > was, and where they can find the draft. If the draft isn't readily available
> > from the IETF web-site, should we be discussing it as a valid contender, if
> > some part of the people on this list can't find it?
> I don't see why not. It's not like we're going to make some
> irrevocable decision on any of this stuff between now and next
> week. Anyone who truly wants to read it shouldn't have much trouble
> digging it up. It took me about a minute and a half to find.
> 
> http://www.ee.technion.ac.il/~hugo/draft-krawczyk-ipsec-ike-sigma-00.txt

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
