[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKE V2 Open Issues
"Theodore Ts'o" <tytso@MIT.EDU> writes:
> 5) Lack of definition of the COOKIE_REQUIRED notify payload.
> Charlie's suggestion to delete the COOKIE_REQUIRED payload and simply
> to use the COOKIE payload is simple, and non-controversial.
Actually, I (and at least two others who have voiced opinions on the
topic) prefer Radia's suggestion of putting the cookie into the
COOKIE_REQUIRED notify payload and sending that. So Bob would send a
N(COOKIE_REQUIRED{cookie}) message to Alice, and Alice would add
N(COOKIE{cookie}) to message-3. I think this is clearer than
Charlie's suggestion of just using N(COOKIE{cookie}) in both
directions.
Radia? Charlie? Others?
-derek
--
Derek Atkins
Computer and Internet Security Consultant
derek@ihtfp.com www.ihtfp.com