
Re: [Ipsec] comment on "empty message" in IKEv2 draft



 In your previous mail you wrote:

   Francis Dupont writes:
   > => A nonce payload should have the same result, quoting the IKEv2 draft:
   
   Nope. 
   
   >    The Nonce Payload ... contains random data used to guarantee liveness
   >    during an exchange and protect against replay attacks.
   
   Nonces are always generated by the sender, and it is a random nonce,
   which is used during the auth process. It is not replied back in any
   of the exchanges, so it would not really guarantee liveness in this
   case. 
   
=> the text is from the IKEv2 draft 14... And we can do what we want
with nonces, as we can do what we want with COOKIE notifications,
like adding the text you proposed.

   COOKIE is the only option, nonce is not an option, as it is not sent back.

=> I don't buy this argument: I prefer Yonghui's one, i.e., cookie already
has this connotation (a weak form of the "least astonishment" argument).

Thanks

Francis.Dupont@enst-bretagne.fr

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec