Thanks, I will reject it, next time I go into that system. Deb
On Wed, May 7, 2025 at 9:40 AM Valery Smyslov <[email protected]> wrote: > Hi, > > I believe the proposed change is wrong. Nr in the RFC7296 diagrams > represents the whole Nonce payload, including payload header, > while only its content is included in to the authentication data. > > This is expressed by the line: > > NonceRPayload = PayloadHeader | NonceRData > > > The correct change would be: > > Nr = PayloadHeader | NonceRData > > However, while terms NonceRPayload, InitiatorIDPayload, > RealMessage1, etc., are not formally defined in the RFC, > the explanation text above makes it clear (in my opinion) > what is meant. > > > And the proposal to exclude nonces from the authentication data > is wrong since it would break the security proofs of SIGMA protocol. > The RFC explicitly states: > > It is critical to the security of the exchange > that each side sign the other side's nonce. > > Regards, > Valery. > > > > The following errata report has been submitted for RFC7296, > > "Internet Key Exchange Protocol Version 2 (IKEv2)". > > > > -------------------------------------- > > You may review the report below and at: > > https://www.rfc-editor.org/errata/eid8407 > > > > -------------------------------------- > > Type: Technical > > Reported by: Yan Jia <[email protected]> > > > > Section: 2.15. > > > > Original Text > > ------------- > > InitiatorSignedOctets = RealMessage1 | NonceRData | MACedIDForI > > > > NonceRPayload = PayloadHeader | NonceRData > > > > Corrected Text > > -------------- > > InitiatorSignedOctets = RealMessage1 | Nr| MACedIDForI > > > > NonceRPayload = PayloadHeader | Nr > > > > Notes > > ----- > > I'm not sure whether "NonceRData" and "NonceIData " refers to Nr and Ni? > I > > searched "NonceRData" but I cannot find its definition. > > > > BTW, because we have already included "MACedIDForI" that is generated > from > > Nonce in InitiatorSignedOctets, can we remove "NonceRData" from > > InitiatorSignedOctets (assuming NonceRData is Nr)? > > > > Instructions: > > ------------- > > This erratum is currently posted as "Reported". (If it is spam, it > > will be removed shortly by the RFC Production Center.) Please > > use "Reply All" to discuss whether it should be verified or > > rejected. When a decision is reached, the verifying party > > will log in to change the status and edit the report, if necessary. > > > > -------------------------------------- > > RFC7296 (draft-kivinen-ipsecme-ikev2-rfc5996bis-04) > > -------------------------------------- > > Title : Internet Key Exchange Protocol Version 2 (IKEv2) > > Publication Date : October 2014 > > Author(s) : C. Kaufman, P. Hoffman, Y. Nir, P. Eronen, T. > Kivinen > > Category : INTERNET STANDARD > > Source : IP Security Maintenance and Extensions > > Stream : IETF > > Verifying Party : IESG > > > > _______________________________________________ > > IPsec mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > >
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
