
Re: draft-ietf-ipsec-ikev2-06.txt



At 10:46 AM -0400 4/8/03, David Jablon wrote:
>I too prefer "MUST", and I prefer "MUST NOT" in the addition.

Could you explain the technical reason for that? If someone uses a 
password instead of a sufficiently-random shared secret, will the PRF 
break?

We have no way of testing if someone has used a password vs. a shared 
secret. If we say MUST and MUST NOT, we are saying that 
implementations must somehow test for this. SHOULD and SHOULD NOT 
(with the appropriate wording about the problems of passwords) seem 
more realistic, but if there truly is a technical problem with using 
a password in a PRF as Hugo has described, then we should know about 
it.

--Paul Hoffman, Director
--VPN Consortium