As long as there is an opaque type in the list of types, everyone can reveal as much as they are comfortable with.

Paul

Sent from my iPhone

> On Apr 11, 2017, at 10:47, Scott Fluhrer (sfluhrer) <sfluh...@cisco.com> wrote:
>
> Paul, on a previous email, you wrote:
>
>> I wouldn't want to broadcast my type of PPK used in IKE_INIT or IKE_AUTH, as
>> an active attacker could then learn this information.
>
> I believe it was in this context; did you change your mind?
>
> If everyone is OK with a PPK_ID type. If everyone is, I'll put that into the
> draft...
>
>> -----Original Message-----
>> From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Paul Wouters
>> Sent: Monday, April 10, 2017 12:54 PM
>> To: Valery Smyslov
>> Cc: ipsec@ietf.org WG
>> Subject: Re: [IPsec] Quantum Resistance SK_d, SK_pi, SK_pr etc mixing
>>
>>> On Mon, 10 Apr 2017, Valery Smyslov wrote:
>>>
>>> I think that it's worth adding an indication of the type of PPK_ID.
>>> I.e. the PPK_ID should consist of two fields - PPK_ID type (16 bits,
>>> managed by IANA) and PPK_ID data. That would make PPK management a
>>> bit easier - the responder would know where to look for the PPK.
>>
>> Sounds good to me.
>>
>> Paul
>>
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec