Re: [IPsec] Fw: New Version Notification for draft-smyslov-ipsecme-ikev2-null-auth-01.txt

Paul Wouters <paul@cypherpunks.ca> Tue, 04 March 2014 13:04 UTC

Date: Tue, 04 Mar 2014 08:04:05 -0500
From: Paul Wouters <paul@cypherpunks.ca>
To: Valery Smyslov <svanru@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/6nq5RoyyXqMBBXqLXe9PFKg0sGE
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>, Tero Kivinen <kivinen@iki.fi>
Subject: Re: [IPsec] Fw: New Version Notification for draft-smyslov-ipsecme-ikev2-null-auth-01.txt

On Tue, 4 Mar 2014, Valery Smyslov wrote:

> And in -01 draft I've added one more use case:
>
>  o  User wants to get some simple action from remote device.  Consider
>     garage door opener: it must authenticate user to open the door,
>     but it is not necessary for the user to authenticate the door
>     opener.  In this case one-way authentication is sufficient.
>
> In this example there is no harm if garage door opener
> fills in its ID Payload - it need not be anonymous.

There is harm. An observer could figure out if it is me that's opening
the door, or my wife or my kids.

If the server (door) does not need it, don't send it.

Paul