Hi Valery,
to make it easier for everyone, I suggest that you submit a new draft
version.
Commenting on the pull request, specifically:
"If the puzzle is successfully verified and the SK_* key are calculated,
but the message authenticity check fails, the responder SHOULD save the
calculated keys in the IKE SA state while waiting for the
retransmissions from the initiator. In this case the responder may skip
verification of the puzzle solution and ignore the Puzzle Solution
payload in the retransmitted messages."
It seems to me that if any authenticity check fails, the responder MUST
NOT make any changes at all to its saved state. Anything else would
complicate implementations and create hard to analyze vulnerabilities.
The only gain here is saving a single PRF operation on the responder's
side, and it is not worth it.
Thanks,
Yaron
On 04/03/2015 02:45, Valery Smyslov wrote:
Hi all,
I've updated my previous pull request.
The source file and changes are available at
https://github.com/ietf-ipsecme/drafts/pull/2
Now it is completely described using puzzles in the IKE_SA_INIT and
IKE_AUTH exchanges.
Payload formats and IANA considerations
are also provided.
Regards,
Valery Smyslov.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec