Tero Kivinen <[email protected]> wrote: > That is why I think it is important that we do detect the failures > correctly.
>> > SK_d provides quantum resistance for the IPsec SAs and Child IKE
>> SAs. > The SK_pi and SK_pr provides key verification, meaning that
>> incorrect > PPKs will result AUTHENTICATION_FAILURE notification,
>> instead of just > wrong keys.
>>
>> Would it be reasonable to create some token/nonce from something
>> before the PPK is mixed in such that we could recognize the different
>> AUTH FAILUREs, or does that create too much of an oracle for testing
>> PPKs?
> I think it is better to keep the AUTHENTICATION_FAILURE to mean both,
> i.e., not provide an oracle.
okay, but can we determine the mismatch enough to log it?
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
