Re: [Emu] IMSK derivation issue

2012-10-07 Thread Jim Schaad
I have no problems with adding the Policy steps to the processing.

From: Hao Zhou (hzhou) [mailto:hz...@cisco.com]
Sent: Thursday, October 04, 2012 8:56 PM
To: Jim Schaad; emu@ietf.org
Subject: Re: [Emu] IMSK derivation issue

Jim: Thanks for pointing out this issue. How about

Re: [Emu] IMSK derivation issue

2012-10-04 Thread Hao Zhou (hzhou)
Jim: Thanks for pointing out this issue. How about the following text with slight modification, with policy control from both sides to prevent a downgrade attack? Added text in red.

1. The first sender of the Crypto-Binding TLV needs to create it as follows:
   a) If the EMSK is not available, then

[Emu] IMSK derivation issue

2012-09-29 Thread Jim Schaad
I agree that the IMSK needs to take into account the existence of the EMSK; however, the current text has a severe problem with the way that it is done. It assumes that if the EMSK is exportable on one side, then it will be exportable on the other side as well. I don't believe this is the case.