[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: compare-jfk-sigma.txt
On Tue, 11 Dec 2001, Andrew Krywaniuk wrote:
> > BTW, there is another reason not to go for a "sign message 1
> > and message
> > 2" as in IKEv2: if you do that then the security of the
> > protocol depends
> > on what exactly you sent in these messages.
>
> When it says "sign messages 1&2" in IKEv2, I would hazzard a guess that this
> only applies when you are not using stateless DoS protection. When you are
> using stateless DoS protection then you sign messages 3&4 instead.
This is correct for IKEv2.
But Angelos correct observation, to which I added the above,
was in the context of a protocol that does not have an optional round of
DoS protection but rather includes this protection already in the
4-message protocol.
Hugo
>
> -------------------------------------------
> There are no rules, only regulations. Luckily,
> history has shown that with time, hard work,
> and lots of love, anyone can be a technocrat.
>
>
References: