
Re: Three fields: cookie, nonce, and SPI



>>>>> "Radia" == Radia Perlman <- Boston Center for Networking <Radia.Perlman@sun.com>> writes:
    Radia> Hugo wanted the nonce to be completely random, to allow for weaker
    Radia> assumptions on the prf function. I was unhappy about what seemed
    Radia> like overconstraining the already overconstrained fields, but
    Radia> he suggested separating them into 3 fields, which seemed a lot
    Radia> less confusing:
    Radia>    "cookie" (an anticlogging token)
    Radia>    "nonce" (quantity chosen at random)
    Radia>    "SPI" (connection identifier)
    Radia> Any state that needed to be saved could be encoded in "cookie".

  Would it be reasonable to keep the same SPI# as a *persistent* connection
identifier? i.e. one that remains the same across rekeys?
  It also makes it much more clear what one is deleting.
 
  We have wanted to suggest that we introduce such an identifier to both
phase 1 and phase 2. We call it a channel identifier.

    Radia> So, to avoid having people wince, and because I always found
    Radia> the term "cookie" for "SPI" confusing, would anyone object
    Radia> to separating things into the three fields Hugo suggested,
    Radia> even though we are going back to "4/6"?

  I think it is a good idea.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


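A sketch of the three-field separation discussed in this message, added here as an illustration and not part of the original post or of any draft text. The HMAC-SHA256 cookie construction, the field sizes, the 30-second lifetime and all names are assumptions; keeping the SPI across a rekey models the question raised above, not agreed protocol behaviour.

```python
import hashlib
import hmac
import os
import struct
import time
from dataclasses import dataclass
from typing import Optional

COOKIE_LIFETIME = 30             # seconds (assumed value)
SERVER_SECRET = os.urandom(32)   # responder-local secret (assumed design)

def make_cookie(peer_addr: str, now: Optional[int] = None) -> bytes:
    """Anticlogging token: the saved state (a timestamp) travels in the
    cookie itself, so the responder stores nothing per request."""
    ts = struct.pack("!I", int(time.time()) if now is None else now)
    tag = hmac.new(SERVER_SECRET, ts + peer_addr.encode(), hashlib.sha256)
    return ts + tag.digest()[:16]

def check_cookie(cookie: bytes, peer_addr: str, now: Optional[int] = None) -> bool:
    """Accept only an unexpired cookie minted by us for this peer address."""
    if len(cookie) != 20:
        return False
    ts = struct.unpack("!I", cookie[:4])[0]
    now = int(time.time()) if now is None else now
    if not 0 <= now - ts <= COOKIE_LIFETIME:
        return False
    tag = hmac.new(SERVER_SECRET, cookie[:4] + peer_addr.encode(), hashlib.sha256)
    return hmac.compare_digest(tag.digest()[:16], cookie[4:])

@dataclass
class Exchange:
    cookie: bytes   # anticlogging token, verifiable without stored state
    nonce: bytes    # chosen completely at random, carries no other meaning
    spi: int        # connection identifier

def new_exchange(peer_addr: str, spi: Optional[int] = None,
                 now: Optional[int] = None) -> Exchange:
    """Fill the three fields independently of one another."""
    if spi is None:
        spi = int.from_bytes(os.urandom(4), "big")
    return Exchange(make_cookie(peer_addr, now), os.urandom(32), spi)

def rekey(old: Exchange, peer_addr: str, now: Optional[int] = None) -> Exchange:
    """Fresh cookie and nonce, same SPI (the persistent identifier asked about)."""
    return new_exchange(peer_addr, spi=old.spi, now=now)
```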