On Tue, Apr 12, 2011 at 7:17 AM, Tero Kivinen <kivi...@iki.fi> wrote:
> 3) The IKE_SA_INIT and IKE_AUTH are used as exchange types, but the
>   extra payloads in them depend on the SPAM algorithm used, and the
>   SPAM algorithm used also affects the AUTH payload generation. The
>   exchange will similar to EAP, i.e.:
>
>   Initiator                         Responder
>   -------------------------------------------------------------------
>   HDR, SAi1, KEi, Ni,
>        N(SPAM_METHODS) -->
>                                <--  HDR, SAr1, KEr, Nr, [CERTREQ],
>                                          N(SPAM_METHODS)

If the "SPAMs" are ZKPPs, they surely output key material, so why
bother with KEi/KEr here?  Is it for privacy protection of the ID
payloads below?

>   HDR, SK {IDi, [CERTREQ,]
>       SPAM_PAYLOAD,
>       SPAM_PAYLOAD, ...
>       [IDr,] SAi2,
>       TSi, TSr}  -->
>                                <--  HDR, SK {IDr, [CERT,]
>                                         SPAM_PAYLOAD,
>                                         SPAM_PAYLOAD, ... }
>   HDR, SK {SPAM_PAYLOAD, ...}  -->
>                                <--  HDR, SK {SPAM_PAYLOAD, ...}
>   HDR, SK {[SPAM_PAYLOAD, ...],
>            AUTH}  -->
>                                <--  HDR, SK {[SPAM_PAYLOAD, ...],
>                                              AUTH, SAr2, TSi, TSr }

Studying this more carefully, I think this is close to fully
generalizable -- in a way where I could borrow the spec to make GSS
mechs out of this instead of the other way around.  The only things
missing (channel binding, generic ID payloads, GSS flags conveyance)
could be added separately.  Also, I'd want to very cleanly separate
the "SPAM" negotiation from the "SPAM" messages.  (Did I mention that
SPAM is a trademark? :)

I'll think about this some more.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to