
Re: compare-jfk-sigma.txt




In message <15378.38155.49527.8799@ryijy.hel.fi.ssh.com>, Tero Kivinen writes:
>
>Actually it really does not matter which end's identity is protected
>against active attacks unless we disallow changing of the direction of
>the negotiation.

This is something that the implementation can do; on detecting an incoming
Message 1 from a peer with whom I already have an SA or with whom I'm willing
to establish an SA, I simply start a JFK exchange myself. It's simple enough
to detect cases where both parties are not willing to reveal their identities
(and avoid a Message-1-war).
-Angelos

