On Thu, 6 Apr 2017, Tero Kivinen wrote:

For the 3rd option the ppk_id is constructed using the PPK
itself and session parameters, e.g. ppk_id = prf(PPK, Ni | Nr).
This would allow the responder to check whether the PPK is correct
before verifying the AUTH payload.

In general, having a type value would simplify PPK management in case
a host has PPKs of different types and needs to look them up
in different stores.

That is one possibility. Should the type be 8-bit or 16-bit? I assume
the registry itself should be IANA registry with designated expert
review or something like that.

I wouldn't want to broadcast my type of PPK used in IKE_INIT or
IKE_AUTH, as an active attacker could then learn this information.

Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
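The third option quoted in the message above, ppk_id = prf(PPK, Ni | Nr), worked through as an added example. This is not code from the thread, from the draft under discussion, or from any IKEv2 implementation; it assumes HMAC-SHA256 as the negotiated prf, and the PPKs and nonces are constructed test values. It shows the two properties being debated: the responder can verify the PPK from the nonces alone, before the AUTH payload, but because nothing about the PPK (no type, no static identifier) is sent in the clear, it has to recompute the prf over every candidate PPK it holds.

```python
import hmac
import hashlib
import os

# Constructed values for illustration only (not from the draft or the thread).
PPK_STORE = [b"\x11" * 32, b"\x22" * 32, b"\x33" * 32]  # responder's configured PPKs
NI = b"\xaa" * 32  # initiator nonce from IKE_SA_INIT
NR = b"\xbb" * 32  # responder nonce from IKE_SA_INIT


def ppk_id_from_nonces(ppk: bytes, ni: bytes, nr: bytes) -> bytes:
    """ppk_id = prf(PPK, Ni | Nr).

    HMAC-SHA256 stands in for the negotiated prf (an assumption of this example).
    Because both nonces change per exchange, the same PPK yields a different
    ppk_id every time, so a passive observer cannot link sessions by ppk_id.
    """
    return hmac.new(ppk, ni + nr, hashlib.sha256).digest()


def responder_lookup(ppk_store, received_ppk_id: bytes, ni: bytes, nr: bytes):
    """Responder side: find the PPK matching a received ppk_id.

    No type or static identifier is on the wire, so the responder must try
    every candidate PPK it holds; cost is linear in the size of the store,
    which is the management concern behind the type-value proposal.
    Comparison is constant-time so the scan does not leak which candidate
    partially matched. Returns the matching PPK or None.
    """
    for ppk in ppk_store:
        if hmac.compare_digest(ppk_id_from_nonces(ppk, ni, nr), received_ppk_id):
            return ppk
    return None


def run_exchange(initiator_ppk: bytes, ppk_store, ni: bytes, nr: bytes) -> bool:
    """Model the check the responder can do before AUTH: True if the
    initiator's PPK is known to the responder, False if it must reject early."""
    ppk_id = ppk_id_from_nonces(initiator_ppk, ni, nr)   # sent by the initiator
    return responder_lookup(ppk_store, ppk_id, ni, nr) is not None


if __name__ == "__main__":
    # Known PPK: the responder finds it without any type hint on the wire.
    print("known PPK accepted:", run_exchange(PPK_STORE[1], PPK_STORE, NI, NR))
    # Unknown PPK: rejected before the AUTH payload is even examined.
    print("unknown PPK rejected:", not run_exchange(b"\x44" * 32, PPK_STORE, NI, NR))
    # Fresh nonces give a fresh ppk_id for the same PPK.
    print("ppk_id changes per exchange:",
          ppk_id_from_nonces(PPK_STORE[1], NI, NR)
          != ppk_id_from_nonces(PPK_STORE[1], os.urandom(32), os.urandom(32)))
```

The linear scan in responder_lookup is the trade-off the thread is weighing: a type value would let the responder go straight to the right store, at the price of telling an active attacker which kind of PPK is in use.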
