N_U, N_V, E_V, Alg_V, Enc(K_VE; ID_V, Sig(V; Mac(K_VM; prot_2)))|
| <---------------------------------------------------------------+
| message_2 |
|
|
| |
| N_U, N_V, Enc(K_UE; ID_U, Sig(U; Mac(K_UM; prot_3)))Why is N_U echoed back to U in message 2? Why are N_U and N_V included in message 3? If the nonce acts as a defense against off-path attacks, then at least N_U does not need to be in message 3. Including N_U in message 2 defends an off-path attacker racing V to reply to message_1, which seems unlikely. -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
