Re: Regarding pre-round trip for stateless cookie (Jan's issue)
Just thought I'd clarify something Paul Hoffman said (and again,
I changed the subject line to focus on the technical issue).
>> From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
>> - JFKr was better because the responder could always assume he was under attack
>> The latter arguments aren't consistent because the same thing is true
>> for the original IKEv2.
Just because I had to read the above a few times before I understood what
he was saying, I thought I'd restate it in my own words.
What he's saying is that with the "4/6" design, if it's hard for
Bob to make a decision about whether he thinks he's under attack,
then he can always assume he's under attack, and always do the
6-message exchange.
The downside of the 6-message exchange is the extra round trip.
The downsides of "4" are the implementation issues Jan raised, and
it is more complicated to specify and understand.
One other thing I was going to say in response to Jan's comment:
>>I expect there's not that many ways to skin this cat.
A quote I read once (forgot who said it) and can't resist sharing is
"If there's more than one way to skin a cat, I don't want to hear about it"
:-)
Radia