
Re: Me-Tarzan/You-Jane and key rollover (was Re: "Me Tarzan, You Jane" in IKEv2-05 )





>>>>> "dharkins" == dharkins  <dharkins@tibernian.com> writes:
    dharkins> On Mon, 17 Mar 2003 19:50:21 PST you wrote
    >> Since Dan doesn't find streaming media to be a good enough reason for
    >> Me-Tarzan/You-Jane, I'll provide an example of using
    >> Me-Tarzan/You-Jane to aid in key-rollover. Recall that the "You-Jane"
    >> part provides both the ID that the initiator was expecting to talk to,
    >> but also a reference to the public key, and optionally, the public key
    >> as well.

    dharkins> No, I don't recall that! In fact, this is the ENTIRE DEFINITION
    dharkins> of the "Me Tarzan/You Jane" feature in ikev2-05:

    dharkins> The optional payload IDr enables Alice to specify which of
    dharkins> Bob's identities she wants to talk to. This is useful when Bob
    dharkins> is hosting multiple identities at the same IP address.

  I can't be responsible for this.
  In fact, I haven't read -05 yet, I'm embarrassed to say. I guess I got
the impression that the entire text as was written was used.

    dharkins> What we don't need is TWO OPTIONAL PAYLOADS IN THE SAME MESSAGE
    dharkins> (!!!)  that both give hints about what identity the initiator
    dharkins> is expecting the responder to use.

  I don't mind putting them in a different payload. Would that make you
happy? It seemed redundant to me.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


