[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKEv2 and SIGMA



> Andrew, I am glad you keep insisting in understanding this,
> and I am sorry for not being clear. Below is another try

...

> Indeed, I never explained why signing the MAC of the identity is
> essential. You know why? Because it is NOT. (And I never said
> it was.) The
> only ESSENTIAL thing is that the MAC be applied to the identity!


I went back through the archives to try to determine the source of this
confusion.

Dan said:

> In this case IDi would be signed by each party. Since you're proposing
> putting all things, including IDi, into the signed hash anyway why is it
> dangerous to add just IDi to the mix of exponentials and nonces?

and you replied:

> IT IS VERY DANGEROUS! DOING WHAT YOU SUGGEST IS INSECURE!

In this case, a buffer containing IDi would be signed by each party, but
using the PCKS#1 format which also involves a hashing step. Wouldn't this be
secure?

(I see from the context that this discussion was relating to the potential
"outer id", rather than the "inner id").

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.



Follow-Ups: References: