Just on one point (the rest is definitely for the authors):

On 02/08/2018 11:56, Eric Rescorla wrote:
....
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
....
> S 6.5.
>>   
>>      o  Once the first secure channel protocol succeeds, the two peers
>>         know each other's certificates because they must be used by all
>>         secure channel protocols for mutual authentication.  The node with
>>         the lower Node-ID in the ACP address becomes Bob, the one with the
>>         higher Node-ID in the certificate Alice.
> 
> A ladder diagram would really help me here, because I'm confused about
> the order of events.
> 
> As I understand it, Alice and Bob are both flooding their AN_ACP
> objectives. So, Alice sees Bob's and starts trying to connect to Bob.
> But Bob may not have Alice's objective, right? So, in the case you
> describe below, she just has to wait for it before she can try the
> remaining security protocols?

Let's call them X and Y for a moment.

If X receives Y's AN_ACP, it includes Y's Node-ID as part of the address.
If that is lower than X's own Node-ID, X knows that she is Alice, and can
start the dialogue. She doesn't need to care whether Bob has received
her own AN_ACP.

Otherwise, X knows that he is Bob, so he just waits for the dialogue
to start.

It certainly seems to be true that if Eve gives herself the lowest
possible Node-ID and only offers the weakest possible protocol,
she could get in. That's assuming she has managed to enrol in the
domain in the first place.

    Brian

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

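The role-selection rule Brian describes, and the Eve observation at the end of his reply, as an added runnable model (not code from the ACP draft or from anyone in this thread). It assumes two simplifications that are hypothetical: a Node-ID is a bare integer rather than a field of the real ACP address, and the secure channel protocols are placeholder names in a constructed strongest-first preference list.

```python
"""Model of the ACP secure-channel role selection discussed in the thread.

Added illustration, not code from the ACP draft or the list thread. Two
hypothetical simplifications: a Node-ID is a bare integer (the real ACP
address layout is not reproduced), and secure channel protocols are abstract
names ranked in a constructed preference list.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed ranking, strongest first. Placeholder names, not the draft's protocols.
PROTOCOL_PREFERENCE: List[str] = ["strong", "medium", "weak"]


@dataclass
class Node:
    name: str
    node_id: int                    # stands in for the Node-ID carried in the ACP address
    protocols: Set[str]             # secure channel protocols this node offers
    seen: Dict[str, int] = field(default_factory=dict)   # peer name -> Node-ID from its AN_ACP

    def receive_objective(self, peer: "Node") -> None:
        """A flooded AN_ACP from a peer arrives; record the Node-ID it carries."""
        self.seen[peer.name] = peer.node_id

    def role_towards(self, peer_name: str) -> Optional[str]:
        """Brian's rule: once X holds Y's AN_ACP it compares Node-IDs.
        Lower Node-ID is Bob, higher is Alice. Alice may start the dialogue
        without knowing whether Bob has received her own AN_ACP yet."""
        if peer_name not in self.seen:
            return None                # nothing to compare against yet
        peer_id = self.seen[peer_name]
        if peer_id == self.node_id:
            raise ValueError("Node-IDs within a domain must be unique")
        return "Alice" if self.node_id > peer_id else "Bob"


def negotiate(alice: Node, bob: Node) -> Optional[str]:
    """Alice tries protocols strongest-first; the first one Bob also offers wins."""
    for proto in PROTOCOL_PREFERENCE:
        if proto in alice.protocols and proto in bob.protocols:
            return proto
    return None


def establish(x: Node, y: Node) -> Tuple[str, str, Optional[str]]:
    """Both nodes have flooded; return (alice_name, bob_name, protocol chosen)."""
    x.receive_objective(y)
    y.receive_objective(x)
    alice, bob = (x, y) if x.role_towards(y.name) == "Alice" else (y, x)
    assert bob.role_towards(alice.name) == "Bob"    # both sides agree on the roles
    return alice.name, bob.name, negotiate(alice, bob)


def honest_pair() -> Tuple[str, str, Optional[str]]:
    a = Node("A", node_id=10, protocols={"strong", "medium", "weak"})
    b = Node("B", node_id=20, protocols={"strong", "weak"})
    return establish(a, b)          # B has the higher Node-ID, so B is Alice


def eve_downgrade() -> Tuple[str, str, Optional[str]]:
    """Eve, already enrolled, claims the lowest Node-ID and offers only the
    weakest protocol: she is always Bob, and the only protocol that can
    succeed is the weak one."""
    eve = Node("Eve", node_id=0, protocols={"weak"})
    b = Node("B", node_id=20, protocols={"strong", "weak"})
    return establish(eve, b)


def undecided_before_flood() -> Optional[str]:
    """X cannot pick a role until Y's AN_ACP has arrived."""
    x = Node("X", node_id=5, protocols={"strong"})
    return x.role_towards("Y")


if __name__ == "__main__":
    print(honest_pair())             # ('B', 'A', 'strong')
    print(eve_downgrade())           # ('B', 'Eve', 'weak')
    print(undecided_before_flood())  # None
```

The model makes Brian's two points concrete: the roles follow from the Node-ID comparison alone, so X decides as soon as Y's AN_ACP is in hand, and a node that controls its own Node-ID and its offered protocol list steers both who initiates and which protocol is the first to succeed.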