Just on one point (the rest is definitely for the authors):

On 02/08/2018 11:56, Eric Rescorla wrote:
....
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
....
> S 6.5.
>>
>>    o  Once the first secure channel protocol succeeds, the two peers
>>       know each other's certificates because they must be used by all
>>       secure channel protocols for mutual authentication.  The node with
>>       the lower Node-ID in the ACP address becomes Bob, the one with the
>>       higher Node-ID in the certificate Alice.
>
> A ladder diagram would really help me here, because I'm confused about
> the order of events.
>
> As I understand it, Alice and Bob are both flooding their AN_ACP
> objectives. So, Alice sees Bob's and starts trying to connect to Bob.
> But Bob may not have Alice's objective, right? So, in the case you
> describe below, she just has to wait for it before she can try the
> remaining security protocols?
Let's call them X and Y for a moment. If X receives Y's AN_ACP, it includes
Y's Node-ID as part of the address. If that is lower than X's own Node-ID,
X knows that she is Alice, and can start the dialogue. She doesn't need to
care whether Bob has received her own AN_ACP. Otherwise, X knows that he is
Bob, so he just waits for the dialogue to start.

It certainly seems to be true that if Eve gives herself the lowest possible
Node-ID and only offers the weakest possible protocol, she could get in.
That's assuming she has managed to enrol in the domain in the first place.

    Brian

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
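An added illustration, not code from the draft or from anyone on this thread, of the Node-ID role rule Brian describes and of the downgrade concern he raises: the protocol names, their strength ranking, the Node-ID values and the `min_strength` policy floor are all assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Constructed ranking of secure channel protocols, strongest first.
# This is an assumption for the example, not the draft's own list.
PROTOCOL_STRENGTH: Dict[str, int] = {"ipsec": 3, "dtls": 2, "weak-legacy": 1}


@dataclass(frozen=True)
class Node:
    name: str
    node_id: int                    # Node-ID carried in the ACP address
    protocols: FrozenSet[str]       # secure channel protocols this node offers


def role_for(me: Node, peer: Node) -> str:
    """S 6.5 rule as quoted above: lower Node-ID is Bob, higher is Alice."""
    if me.node_id == peer.node_id:
        raise ValueError("Node-IDs must differ for role selection")
    return "Alice" if me.node_id > peer.node_id else "Bob"


def choose_protocol(me: Node, peer: Node, min_strength: int) -> Optional[str]:
    """Alice (the initiator) picks the strongest protocol both sides offer.

    The min_strength floor is an added mitigation for the case Brian
    describes (a low Node-ID peer offering only the weakest protocol):
    Alice refuses to go below local policy, whatever the peer offers.
    """
    common = me.protocols & peer.protocols
    if not common:
        return None
    best = max(common, key=PROTOCOL_STRENGTH.__getitem__)
    return best if PROTOCOL_STRENGTH[best] >= min_strength else None


def handle_objective(me: Node, peer: Node, min_strength: int) -> dict:
    """What X does on receiving Y's AN_ACP objective (constructed model)."""
    role = role_for(me, peer)
    if role == "Bob":
        # Bob does not initiate; he waits for Alice to start the dialogue.
        return {"role": role, "action": "wait", "protocol": None}
    proto = choose_protocol(me, peer, min_strength)
    action = "connect" if proto else "reject"
    return {"role": role, "action": action, "protocol": proto}
```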