[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: Kerberized Internet Negotiation of Keys (KINK) toProposed Standard

To: OKABE Nobuo <nov@tahi.org>
Subject: Re: Last Call: Kerberized Internet Negotiation of Keys (KINK) toProposed Standard
From: Michael Thomas <mat@cisco.com>
Date: Tue, 21 Jan 2003 12:53:49 -0800 (PST)
Cc: iesg@ietf.org, mat@cisco.com, vilhuber@cisco.com
In-reply-to: <20030118.181430.78702291.nov@tahi.org>
References: <200211111823.NAA26773@ietf.org><20030118.181430.78702291.nov@tahi.org>

OKABE Nobuo writes:
 > Here are our comments.
 > 
 > =====================================================================
 > 7.3.  CREATE
 > Comment 1)
 > 
 >     If a respondent's CPU is too poor for DH (ex. 8-bit CPU),
 >     it has to reject a proposal that includes KE payload.
 >     What message should the responder back to the initiator?
 >     Is NO-PROPOSAL-CHOSEN right one?
 >     Anyway, more specific description seems to be needed.

   There is no specific KINK error for this. I'm not
   sure what it is that IKE does (if it's even clear there),
   but if IKE would send back a NO-PROPOSAL-CHOSEN, that
   seems appropriate. I'm not very convinced that this is
   going to do what you want though as the other side isn't
   going to be able to figure out what the problem was.

   Honestly, I sort of think this is outside of the
   domain of the protocol, as there are bid-down attacks
   which could result if it the protocol specified a
   means of signaling this. It would probably be better
   to come up with some out of band way to agree not
   to send KE payloads... though I'm open to hear 
   disagreement though.

 > Comment 2)
 > 
 >     There is no KE payload in a reply message.
 >     Is it typo?

   Yes.

 > Comment 3)
 > 
 >     # This comment is related the above (Comment 2).
 > 
 >     Does a two-way handshake keep going if KINK peers exchanges
 >     KE payloads (in request and in reply)?
 >     The optimistic approach will be broken if DH is happen
 >     after the initiator receives KE payload in a reply message.
 >     But I'm not sure if ACK is needed or not.

   KE payloads definitely breaks optimism, and thus ACK
   must be used.

 > Comment 4)
 > 
 >    The draft does not define "prf".
 >    In IKE's case, a phase 1 negotiates a hash algorithm
 >    that is used for prf. But KINK does not use IKE phase 1.
 >    # I guess that the hash algorithm specified in the Kerberos ticket
 >    # is used.

   You're correct. Your solution seems reasonable as
   this is the same tact used for the integrity checksum.
   I'll fix this.

 > Again, I apologize if my mail disturbs you.

   No, thank you.

	     Mike

Follow-Ups:
- Re: Last Call: Kerberized Internet Negotiation of Keys (KINK) toProposed Standard
  - From: OKABE Nobuo <nov@tahi.org>

References:
- Re: Last Call: Kerberized Internet Negotiation of Keys (KINK) toProposed Standard
  - From: OKABE Nobuo <nov@tahi.org>

Prev by Date: Re: Financials web page - absolutely last call
Next by Date: RE: IEEE 802.11f Request for RADIUS NAS-Port-Type and Service-Type value allocation (fwd)
Previous by thread: Re: Last Call: Kerberized Internet Negotiation of Keys (KINK) toProposed Standard
Next by thread: Re: Last Call: Kerberized Internet Negotiation of Keys (KINK) toProposed Standard
Index(es):
- Date
- Thread