On Fri, 2 Nov 2012, Paul Hoffman wrote:
: The design team decided it is best to add just one new authentication
: method, that will support all kinds of signature methods. This
: includes all ECDSA and other EC-based methods (ECGDSA) and can also
: support other algorithms too (RSA-PSS or even ElGamal).
:
Good, that's better than having per-auth method ids.
: The EC group is assumed to be known from the certificate or raw key,
: and there is no need to explicitly negotiate or identify it.
:
It must be specified explicitly how this information can be retrieved from
different certs.
: This new method will be negotiated using the Notify Payloads in the
: IKE_SA_INIT, and those same payloads can be used to indicate the
: supported hash algorithms.
:
Why is the notify needed? Why can't the new method be like old methods?
If remote doesn't support the new authentication method, authentication
will fail. If it doesn't support the algorithm in the OID, authentication
will fail. Why does the hash algorithm have to be negotiated? Why the
extra complexity? And peer will indicate that it supports the new method
simply by using that method in the Auth payload. What's the use case I'm
missing here?
Pekka
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
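The exchange above hinges on the claim that the EC group "is assumed to be known from the certificate or raw key", and on the reply that this retrieval must be specified per certificate type. As an added illustration that is not part of the thread or of any IETF draft, the following Python code reads the named-curve OID out of a DER SubjectPublicKeyInfo, the structure that carries the key both inside an X.509 certificate and as a stand-alone raw public key. The curve table, the helper names, and the sample keys are constructed for this example; the P-256 sample has a filler public point (not a valid curve point), and the second sample deliberately omits the curve parameters to show the case a specification has to rule on.

```python
"""Constructed example: read the EC named curve from a DER SubjectPublicKeyInfo."""

# OID -> name for the curves this example recognises (assumption: a deployment
# would list the groups it actually accepts; unknown OIDs are returned as-is).
NAMED_CURVES = {
    "1.2.840.10045.3.1.7": "P-256 (secp256r1)",
    "1.3.132.0.34": "P-384 (secp384r1)",
    "1.3.132.0.35": "P-521 (secp521r1)",
}
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"


def _read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, content_bytes, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:end], end


def _decode_oid(value):
    """Decode OBJECT IDENTIFIER content octets into dotted form.

    The first octet packs arcs 1 and 2 as 40*arc1 + arc2, which is exact for
    the arcs used by EC key and curve OIDs (arc1 <= 2, arc2 < 40).
    """
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last octet of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def ec_group_from_spki(spki_der):
    """Return the named-curve OID from an EC SubjectPublicKeyInfo.

    SubjectPublicKeyInfo ::= SEQUENCE {
        algorithm        AlgorithmIdentifier,   -- SEQUENCE { id-ecPublicKey, namedCurve OID }
        subjectPublicKey BIT STRING }

    Raises ValueError if the key is not EC or carries no named curve, which
    is the case a specification has to decide how to handle.
    """
    tag, spki, _ = _read_tlv(spki_der, 0)
    if tag != 0x30:
        raise ValueError("SPKI is not a SEQUENCE")
    tag, alg, _ = _read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    tag, alg_oid, apos = _read_tlv(alg, 0)
    if tag != 0x06 or _decode_oid(alg_oid) != ID_EC_PUBLIC_KEY:
        raise ValueError("not an id-ecPublicKey key")
    if apos >= len(alg):
        raise ValueError("EC key has no parameters; group cannot be inferred")
    tag, params, _ = _read_tlv(alg, apos)
    if tag != 0x06:
        raise ValueError("EC parameters are not a named curve OID")
    return _decode_oid(params)


def ec_group_name(spki_der):
    """Human-readable curve name, falling back to the dotted OID."""
    oid = ec_group_from_spki(spki_der)
    return NAMED_CURVES.get(oid, oid)


# Constructed P-256 SPKI. The 64 coordinate bytes are filler (0x11), so this
# is not a usable key; only the algorithm/parameter structure matters here.
_FILLER_POINT = "04" + "11" * 64
SAMPLE_P256_SPKI = bytes.fromhex(
    "3059"                  # SEQUENCE, 89 bytes
    "3013"                  # SEQUENCE, 19 bytes (AlgorithmIdentifier)
    "06072a8648ce3d0201"    # OID 1.2.840.10045.2.1 id-ecPublicKey
    "06082a8648ce3d030107"  # OID 1.2.840.10045.3.1.7 prime256v1
    "034200"                # BIT STRING, 66 bytes, 0 unused bits
    + _FILLER_POINT
)

# Constructed EC SPKI with no curve parameters at all (filler point shortened).
SAMPLE_NO_PARAMS_SPKI = bytes.fromhex(
    "3010" "3009" "06072a8648ce3d0201" "0303" "00" "0411"
)

if __name__ == "__main__":
    print(ec_group_name(SAMPLE_P256_SPKI))
```

Run as a script it prints the curve name for the P-256 sample; the second sample raises, which is the point of the reply: a peer that receives such a key has no group to sign or verify against unless the specification says where else to look.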