
RE: compare-jfk-sigma.txt





On Tue, 11 Dec 2001, Andrew Krywaniuk wrote:

> > BTW, there is another reason not to go for a "sign message 1 and
> > message 2" as in IKEv2: if you do that then the security of the
> > protocol depends on what exactly you sent in these messages.
> 
> When it says "sign messages 1&2" in IKEv2, I would hazard a guess that this
> only applies when you are not using stateless DoS protection. When you are
> using stateless DoS protection then you sign messages 3&4 instead.

This is correct for IKEv2.
But Angelos' correct observation, to which I added the above,
was in the context of a protocol that does not have an optional round of
DoS protection but rather includes this protection already in the
4-message protocol. 

Hugo

> 
> -------------------------------------------
> There are no rules, only regulations. Luckily,
> history has shown that with time, hard work,
> and lots of love, anyone can be a technocrat.
> 
> 


