Paul Wouters <[email protected]> wrote:
>>> Would it be reasonable to create some token/nonce from something
>>> before the PPK is mixed in such that we could recognize the different
>>> AUTH FAILUREs, or does that create too much of an oracle for testing
>>> PPKs?
>> I believe that would be reasonable. We already exchange notifies
>> between the two sides (to allow both sides to know whether or not
>> we're using a PPK); the obvious mention would be if the notifies
>> included PRF( PPK, "fixed value" ).
> I would prefer that we do not signal different AUTH failures in a way
> that tells them which part of the AUTH process they got wrong.
The use of PRF(PPK,"X") does not place that signal on the wire, but permits
that signal to be in the log.
Scott: how do you think PPKs will get entered initially (i.e. until we have
some quantum-resistant mechanism to distribute them)? Humans typing them
in, QR codes scanned, USB keys sent via Fedex? If we are serious about
this, then it matters.
If humans are the answer, then I would like to suggest that the document suggest a
standard human presentation format, such as bubble-babble [first hit:
http://www.wisegeek.com/what-is-bubble-babble.htm. Maybe there is a better
reference].
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
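As an added illustration of the two ideas in this message (not code from the thread or from any IKE implementation): a PPK confirmation value PRF(PPK, "fixed value") that is checked locally, so the PPK-versus-other-AUTH distinction lands in the log rather than in the notify sent to the peer, and a Bubble Babble encoder as a human presentation format for a PPK. The label string is an assumed placeholder, HMAC-SHA256 stands in for the negotiated PRF, and the generic AUTHENTICATION_FAILED notify is the same in both outcomes by design.

```python
import hashlib
import hmac

# Constructed label: the post only says PRF(PPK, "fixed value"), so the
# exact string below is an assumption, not anything from a specification.
PPK_CONFIRM_LABEL = b"IKEv2 PPK confirm"


def ppk_confirm(ppk: bytes) -> bytes:
    """PRF(PPK, "fixed value"), instantiated here as HMAC-SHA256."""
    return hmac.new(ppk, PPK_CONFIRM_LABEL, hashlib.sha256).digest()


def classify_auth_failure(local_ppk: bytes, peer_confirm: bytes) -> tuple:
    """Decide, after AUTH has failed, whether the PPK itself was the cause.

    Returns (wire_notify, log_reason). The notify sent to the peer is the
    same generic AUTHENTICATION_FAILED in both cases, so the wire carries no
    signal about which part of AUTH went wrong; only the local log does.
    """
    if hmac.compare_digest(ppk_confirm(local_ppk), peer_confirm):
        return ("AUTHENTICATION_FAILED", "PPK matched; failure lies elsewhere in AUTH")
    return ("AUTHENTICATION_FAILED", "PPK mismatch: peer's PPK confirmation differs")


def bubble_babble(data: bytes) -> str:
    """Bubble Babble encoding (Huima's scheme, as used for SSH key fingerprints)."""
    vowels = "aeiouy"
    consonants = "bcdfghklmnprstvzx"
    out = ["x"]
    c = 1  # running checksum, seeded with 1
    for i in range(len(data) // 2 + 1):
        if 2 * i + 1 < len(data) or len(data) % 2 == 1:
            d1 = data[2 * i]
            out.append(vowels[(((d1 >> 6) & 3) + c) % 6])
            out.append(consonants[(d1 >> 2) & 15])
            out.append(vowels[((d1 & 3) + c // 6) % 6])
            if 2 * i + 1 < len(data):
                d2 = data[2 * i + 1]
                out.append(consonants[(d2 >> 4) & 15])
                out.append("-")
                out.append(consonants[d2 & 15])
                c = (c * 5 + d1 * 7 + d2) % 36
        else:  # even-length input: the final tuple carries only the checksum
            out.append(vowels[c % 6])
            out.append(consonants[16])  # always 'x'
            out.append(vowels[c // 6])
    out.append("x")
    return "".join(out)
```

The encoder reproduces the published Bubble Babble test vectors (empty input gives "xexax"), so a PPK read aloud or typed in this form can be checked against the same encoding on the other side.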
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
