[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE V2 Open Issues

To: "Theodore Ts'o" <tytso@mit.edu>
Subject: Re: IKE V2 Open Issues
From: Derek Atkins <derek@ihtfp.com>
Date: 10 Apr 2003 14:46:20 -0400
Cc: ipsec@lists.tislabs.com
In-Reply-To: <E193Mu6-0000by-00@think.thunk.org>
References: <E193Mu6-0000by-00@think.thunk.org>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1

"Theodore Ts'o" <tytso@MIT.EDU> writes:

> 5) Lack of definition of the COOKIE_REQUIRED notify payload.
> Charlie's suggestion to delete the COOKIE_REQUIRED payload and simply
> to use the COOKIE payload is simple, and non-controversial.

Actually, I (and at least two others who have voiced opinions on the
topic) prefer Radia's suggestion of putting the cookie into the
COOKIE_REQUIRED notify payload and sending that.  So Bob would send a
N(COOKIE_REQUIRED{cookie}) message to Alice, and Alice would add
N(COOKIE{cookie}) to message-3.  I think this is clearer than
Charlie's suggestion of just using N(COOKIE{cookie}) in both
directions.

Radia?  Charlie?  Others?

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com

Follow-Ups:
- Re: IKE V2 Open Issues
  - From: Uri Blumenthal <uri@bell-labs.com>

References:
- IKE V2 Open Issues
  - From: "Theodore Ts'o" <tytso@mit.edu>

Prev by Date: Re: Do ipsec vendors care about privacy?
Next by Date: Re: IKE V2 Open Issues
Prev by thread: Re: IKE V2 Open Issues
Next by thread: Re: IKE V2 Open Issues
Index(es):
- Date
- Thread