Tero Kivinen <[email protected]> wrote: > Scott Fluhrer (sfluhrer) writes: >> Going through this suggestion (and tweaking it a bit): >> >> Pluses: - I believe it can be made a bit more flexible than you make >> it out; it don't believe that you actually need to update every node >> with every PPK at the start. With this protocol, the initiator >> decides
> I did not even require that. I said you need to provide all PPKs for
> that one node at the same time. Or at least that I was trying to say.
> I can now see that my text was bit unclear.
Why do we need to provide PPKs for all peers at the same time?
> Only reason why you want to enforce the PPKs to be used always, is when
> you know that your attacker can already break Diffie-Hellman on real
> time, and can also break your authentication method in real time. Then
> you need to use PPK to protect the authentication, as if attacker is
> able to break the authentication in real time, then it can also modify
> the packets on the wire by removing the N(PPK_IDENTITY) or
> N(PPK_SUPPORTED) notifies and disabled PPK. If the authentication (and
> Diffie-Hellman) cannot be broken in real time then authentiation will
> prevent attacker disabling PPK.
Agreed, but I don't think this mandates that one load all the PPKs at the
same time, does it?
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
