On Mon, 14 Aug 2017, David Schinazi wrote:
[DS] I think "showing ID" is exactly what we're avoiding here. You can think of
this in terms of the Socialist Millionaire Problem - we want to be able to assert
identity without anyone disclosing anything first. And the proposed solution is to send

Hi,
Vukasin Karadzic is working on implementing draft-fluhrer-qr-ikev2
for libreswan and stumbled upon a problem. The relevant text:
When the initiator receives this reply, it checks whether the
responder included the PPK_SUPPORT notify. If the responder did not,
then the initiator

On Wed, Aug 16, 2017 at 9:34 AM, Paul Wouters wrote:
> On Mon, 14 Aug 2017, David Schinazi wrote:
>
>> [DS] I think "showing ID" is exactly what we're avoiding here. You can
>> think of this in terms of the Socialist Millionaire Problem - we want to be
>> able to assert identity

Paul,
I understand your concerns, and I do agree with them. However, the proposal
isn't meant to solve all issues - the idea is that if we're building a PPK
infrastructure already, I believe this is an incremental improvement to it that
solves a few more attack vectors without compromising

Tero Kivinen wrote:
> Daniel Van Geest writes:
>> 1) QS SA Negotiation
>>
>> When negotiating a QS SA, it’s not enough to negotiate QS key
>> agreement algorithm(s), one also has to ensure that the algorithms
>> selected by the other transform types are