
Re: [HOKEY] ERX issues



Hi Charles,

For those of us who could not attend IETF 71 (like me), could you summarize
the technical reasons why the peer consent for DSRK key distribution
should be removed?

At first sight, I see more security problems when peer consent is NOT
implemented, and some of them have already been mentioned. However, I see
real benefits in providing peer consent to assure that the server distributed
a DSRK only when it was really required by the peer.

Based on this, I would like to understand the technical reasons to NOT
implement peer consent.

My best regards.



Charles Clancy wrote:
> Yoshi,
>
>  > I strongly believe that peer consent of DSRK, which is eventually used
>  > by the peer and visited domain to establish link-layer SAs for all
>  > authenticators in the entire visited domain, is important and needed.
>
> I've added your comments to issue 40 in the tracker, but the WG 
> consensus, as measured at IETF 71, is to not implement peer consent for 
> DSRK key distribution.  I understand that you feel strongly about this 
> issue, but in the interest of making progress on our documents, I 
> request that we move on.  Are you willing to make the required changes 
> to the key-mgm document?
>
> --
> t. charles clancy, ph.d.                 eng.umd.edu/~tcc
> electrical & computer engineering, university of maryland
> _______________________________________________
> HOKEY mailing list
> HOKEY at ietf.org
> https://www.ietf.org/mailman/listinfo/hokey
>
>   


-- 
------------------------------------------------------
Rafael Marin Lopez
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34968398501    e-mail: rafa at um.es
------------------------------------------------------
