Re: [IPsec] initiator privacy vs responder stealth

2018-04-08 Thread Christopher Wood
On Thu, Apr 5, 2018 at 4:28 AM Valery Smyslov wrote:

> Hi Michael,
>
> > > IKE_SA_INIT privacy concerns - David Schinazi
> > > https://datatracker.ietf.org/meeting/101/materials/slides-101-ipsecme-privacy-additions-to-the-ikev2-ike-sa-init-exchange-00
> >
> > > Concerns around privacy of the peers (who the initiator is, and if the
> > > responder is running IKE)
> >
> > I think that we had some consensus that we should split the document into two
> > problem statements.  Protecting the initiator identity against MITM attackers
> > can be solved a whole bunch of ways.  A zero-knowledge proof would seem to
> > be a better way to start to me.
> >
> > The problem of making the IKE responders stealthed seems like a different
> > problem entirely.
>
> +1.
>

+1 to treating these problems separately.

Best,
Chris
___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec


Re: [IPsec] initiator privacy vs responder stealth

2018-04-05 Thread Valery Smyslov
Hi Michael,

> > IKE_SA_INIT privacy concerns - David Schinazi
> > https://datatracker.ietf.org/meeting/101/materials/slides-101-ipsecme-privacy-additions-to-the-ikev2-ike-sa-init-exchange-00
> 
> > Concerns around privacy of the peers (who the initiator is, and if the
> > responder is running IKE)
> 
> I think that we had some consensus that we should split the document into two
> problem statements.  Protecting the initiator identity against MITM attackers
> can be solved a whole bunch of ways.  A zero-knowledge proof would seem to
> be a better way to start to me.
> 
> The problem of making the IKE responders stealthed seems like a different
> problem entirely.

+1.

Regards,
Valery.
