> In your last message you suggest that cookies be made optional. You state
> "This allows the 2 round trip JFK scheme to be reduced to 1 required and 1
> optional round trip." Then you go on to describe a protocol which bears
> absolutely no resemblance to JFK at all.

If you think that, I don't think you understand JFK.

> The JFK approach was to take 90% of the crypto features that IKEv2
> implements in average case 4 messages (worst case 6) and do them in constant
> time 4 messages. What you have done is take the same idea from IKEv2
> (optional cookies), graft it onto XKASS, and then somehow pretend that this
> is related to JFK.

Look at the crypto. And when it comes to a security model, XKASS describes its security model with far more rigor than JFK. So please don't get into the histrionics.

> I hate to resort to tired cliches, but if for some reason all you require is
> fast negotiation, irregardless of the security drawbacks, then perhaps that
> should be done by a separate protocol.

Straw man, I have presented a formalized analysis of the security model, JFK does not. All I see in JFK is a catalogue of previously discovered problems. That is not a security model in my view.

Phill
Phillip Hallam-Baker (E-mail).vcf