
Re: Regarding pre-round trip for stateless cookie (Jan's issue)



At 4:46 PM -0400 9/17/02, Radia Perlman - Boston Center for Networking wrote:
>What he's saying is that with the "4/6" design, if it's hard for
>Bob to make a decision about whether he thinks he's under attack,
>then he can always assume he's under attack, and always do the
>6-message exchange.

Yep, that's what I was trying to say. :-) In addition, from the 
initiator side, it is trivial for the initiator to decide if the 
message he gets back from the responder is a "please retry" message 
or is a real message 3. If the encrypt bit is off, it's a "please 
retry"; if the encrypt bit is on, it's a real message 3.

--Paul Hoffman, Director
--VPN Consortium