Re: Me-Tarzan/You-Jane and key rollover (was Re: "Me Tarzan, You Jane" in IKEv2-05 )
>>>>> "dharkins" == dharkins <dharkins@tibernian.com> writes:
dharkins> On Mon, 17 Mar 2003 19:50:21 PST you wrote
>> Since Dan doesn't find streaming media to be a good enough reason for
>> Me-Tarzan/You-Jane, I'll provide an example of using
>> Me-Tarzan/You-Jane to aid in key-rollover. Recall that the "You-Jane"
>> part provides both the ID that the initiator was expecting to talk to,
>> but also a reference to the public key, and optionally, the public key
>> as well.
dharkins> No, I don't recall that! In fact, this is the ENTIRE DEFINITION
dharkins> of the "Me Tarzan/You Jane" feature in ikev2-05:
dharkins> The optional payload IDr enables Alice to specify which of
dharkins> Bob's identities she wants to talk to. This is useful when Bob
dharkins> is hosting multiple identities at the same IP address.
I can't be responsible for this.
In fact, I haven't read -05 yet, I'm embarrassed to say. I guess I got
the impression that the entire text as was written was used.
dharkins> What we don't need is TWO OPTIONAL PAYLOADS IN THE SAME MESSAGE
dharkins> (!!!) that both give hints about what identity the initiator
dharkins> is expecting the responder to use.
I don't mind putting them in a different payload. Would that make you
happy? It seemed redundant to me.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [