Paul Hoffman writes:
> Greetings again. Tracker issue #98 is the same as the message that
> Pasi sent to the mailing list last month; see
> <http://www.ietf.org/mail-archive/web/ipsec/current/msg04050.html>.
> There is disagreement among the authors of the session resumption
> draft about how to deal with this issue. 
> 
> One proposal is to add text similar to Pasi's to the document in
> order to let implementers understand all the things that they might
> need to do to prevent damage from a replay attack. If this is the
> method chosen, it should probably be as a section in the main body
> of the document, not as a "security consideration" because the
> issues are more operational than security. 
> 
> A different proposal is to get rid of the one-round-trip mode and
> have the protocol always take two round trips. This prevents the
> attack that Pasi brings up, at a higher cost for the clients and
> server. 
> 
> If you have a preference between these two proposals, please state it now. 

This comes back again to what use the resumption is aimed at (I
tried to ask this in the meeting, and it seems nobody knows, so it makes
it impossible to think about whether some optimization in the protocol is
needed or not).

Anyway, I would prefer to have a safer protocol even if it would be one
more round trip. It would also make the protocol simpler, as we would not
need to have a separate optional cookie exchange version.

So I would vote for the two-round-trip version of the protocol.

BTW, ticket #98 has the wrong component (draft-ietf-ipsecme-ikev2bis);
it should have ikev2-resumption instead. Also, the ticket component
names are not consistent: there is both ikev2bis and
draft-ietf-ipsecme-ikev2bis, and only the last one of them is used,
but all other components omit the draft-ietf-ipsecme part... 
-- 
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
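The replay concern behind the two proposals above, as an added illustration that is not from the resumption draft or from either author: a toy model in which the responder issues a MAC-protected ticket, then either accepts a single resumption message (one round trip) or first returns its own nonce and requires the client's final message to cover it (two round trips). The message layouts, key names and the "track used (ticket, nonce) pairs" mitigation are assumptions for this example, not the draft's actual payloads; IKEv2 uses its own nonce, cookie and ticket formats. The point the model makes is only that a one-message resumption needs responder-side state to reject a replayed capture, whereas a responder nonce makes the captured message worthless on its own.

```python
import hashlib
import hmac
import os

# Constructed key material for this illustration only; not IKEv2 values.
TICKET_MAC_KEY = b"responder-ticket-mac-key (constructed)"
RESUMPTION_KEY = b"client-responder-resumption-key (constructed)"


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so concatenation is unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def issue_ticket(ticket_id: bytes) -> bytes:
    """Responder issues ticket_id || MAC so it can verify it without per-client state."""
    return ticket_id + mac(TICKET_MAC_KEY, ticket_id)


def ticket_valid(ticket: bytes) -> bool:
    tid, tag = ticket[:-32], ticket[-32:]
    return hmac.compare_digest(tag, mac(TICKET_MAC_KEY, tid))


class OneRoundTripResponder:
    """Accepts one message: (ticket, Ni, MAC(resumption_key, ticket, Ni)).

    Without track_used, the responder is stateless and a captured message
    replays cleanly. track_used is an assumed mitigation: remember every
    (ticket, Ni) already accepted and refuse it a second time.
    """

    def __init__(self, track_used: bool = False):
        self.track_used = track_used
        self.seen = set()

    def resume(self, msg) -> bool:
        ticket, ni, tag = msg
        if not ticket_valid(ticket):
            return False
        if not hmac.compare_digest(tag, mac(RESUMPTION_KEY, ticket, ni)):
            return False
        if self.track_used:
            if (ticket, ni) in self.seen:
                return False  # replay of an already-used resumption message
            self.seen.add((ticket, ni))
        return True


def client_one_round_trip(ticket: bytes):
    ni = os.urandom(16)
    return (ticket, ni, mac(RESUMPTION_KEY, ticket, ni))


class TwoRoundTripResponder:
    """First message carries (ticket, Ni); responder answers with a fresh Nr.
    The final message must MAC over Nr, so a captured final message cannot be
    reused against a later exchange, which always has a different Nr."""

    def __init__(self):
        self.pending = {}  # Ni -> Nr for exchanges awaiting their final message

    def first(self, ticket: bytes, ni: bytes):
        if not ticket_valid(ticket):
            return None
        nr = os.urandom(16)
        self.pending[ni] = nr
        return nr

    def second(self, ticket: bytes, ni: bytes, tag: bytes) -> bool:
        nr = self.pending.pop(ni, None)
        if nr is None:
            return False  # no live exchange for this Ni
        return hmac.compare_digest(tag, mac(RESUMPTION_KEY, ticket, ni, nr))


def demo_one_round_trip(track_used: bool = False):
    """Returns (legitimate accepted, replay of the same capture accepted)."""
    responder = OneRoundTripResponder(track_used)
    captured = client_one_round_trip(issue_ticket(b"ticket-0001"))
    return responder.resume(captured), responder.resume(captured)


def demo_two_round_trip():
    """Returns (legitimate accepted, replay of both captured messages accepted)."""
    responder = TwoRoundTripResponder()
    ticket, ni = issue_ticket(b"ticket-0001"), os.urandom(16)
    nr = responder.first(ticket, ni)
    final = (ticket, ni, mac(RESUMPTION_KEY, ticket, ni, nr))
    legit = responder.second(*final)
    responder.first(ticket, ni)  # attacker replays message 1; gets a new Nr
    return legit, responder.second(*final)  # replayed message 2 covers the old Nr


if __name__ == "__main__":
    print("one round trip, stateless:", demo_one_round_trip())
    print("one round trip, tracking used pairs:", demo_one_round_trip(True))
    print("two round trips:", demo_two_round_trip())
```

The stateless one-round-trip responder accepts the replay; adding a used-pair table stops it but is exactly the kind of operational state (bounded, shared across responders, surviving restarts) that would need spelling out for implementers, which is what the first proposal's added text would have to cover. The two-round-trip responder rejects the replay with no such table, at the cost of the extra message.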
