Re: SOI: identity protection and DOS
Michael Thomas <mat@cisco.com> Wed, 21 November 2001 23:32 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.11.6/8.11.3) with ESMTP id fALNWN800186; Wed, 21 Nov 2001 15:32:23 -0800 (PST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id RAA16978 Wed, 21 Nov 2001 17:37:03 -0500 (EST)
From: Michael Thomas <mat@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <15356.11908.141636.804339@thomasm-u1.cisco.com>
Date: Wed, 21 Nov 2001 14:45:24 -0800
To: Henry Spencer <henry@spsystems.net>
Cc: Michael Thomas <mat@cisco.com>, ipsec@lists.tislabs.com
Subject: Re: SOI: identity protection and DOS
In-Reply-To: <Pine.BSI.3.91.1011120231925.1751D-100000@spsystems.net>
References: <15354.45414.23171.182987@thomasm-u1.cisco.com> <Pine.BSI.3.91.1011120231925.1751D-100000@spsystems.net>
X-Mailer: VM 6.72 under 21.1 (patch 6) "Big Bend" XEmacs Lucid
X-Face: &, heK/V66p?[2!i|tVn, 9lN0TUvEv7:9FzXREj/AuzN4m<D]vnFJ>u!4x[/Z4t{V}~L]+Sk @RFNnJEg~WZ/(8<`5a), -7ukALWa^&?&D2R0CSG3kO5~#6JxLF\d, g">$%B!0w{W)qIhmwhye104zd bUcI'1!
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Henry Spencer writes: > You have not actually established your key underlying assumption, that > identity protection necessarily involves substantial extra cost. > > The proposed IKEv2, if I've read the spec correctly, establishes both > an ISAKMP SA and a set of IPsec SAs, *with* full identity protection, > in 2 round trips. It is difficult to imagine improving on that. > > (IKE needs 2.5 round trips *without* identity protection.) Fine, then IKEv2 meets my proposed requirement. That doesn't negate the requirement, or the reason to have it. We are still talking about requirements, right? Mike
- I-D ACTION:draft-ietf-ipsec-son-of-ike-protocol-r… Internet-Drafts
- SOI: preshared Michael Thomas
- SOI: identity protection and DOS Michael Thomas
- SOI: round tripiness Michael Thomas
- Re: SOI: preshared Henry Spencer
- Re: SOI: identity protection and DOS Paul Koning
- Re: SOI: identity protection and DOS Joern Sierwald
- Re: SOI: preshared Michael Thomas
- Re: SOI: preshared Henry Spencer
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: preshared Paul Hoffman / VPNC
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: preshared Michael Thomas
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Ari Huttunen
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Derek Atkins
- Re: SOI: identity protection and DOS david chen
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Radia Perlman - Boston Center for Networking
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Arne Ansper
- Re: SOI: identity protection and DOS Sandy Harris
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Derek Atkins
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Derek Atkins
- Re: SOI: preshared Michael Thomas
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Ari Huttunen
- Re: SOI: preshared DavidChenNH
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Richard Guy Briggs
- Re: SOI: identity protection and DOS david chen
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Hugo Krawczyk
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Paul Hoffman / VPNC
- Re: SOI: identity protection and DOS Steven M. Bellovin
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Sara Bitan
- RE: SOI: identity protection and DOS Andrew Krywaniuk
- RE: SOI: identity protection and DOS Paul Hoffman / VPNC
- On shared keys (was RE: SOI: identity protection … Hugo Krawczyk
- Re: SOI: identity protection and DOS Hugo Krawczyk
- Re: SOI: identity protection and DOS Derek Atkins
- Re: SOI: identity protection and DOS Ari Huttunen
- Re: SOI: identity protection and DOS Alex Alten
- On shared keys (was RE: SOI: identity protection … Michael Thomas
- Re: On shared keys (was RE: SOI: identity protect… Alex Alten
- Re: SOI: identity protection and DOS Hugo Krawczyk
- Re: SOI: identity protection and DOS Hugo Krawczyk
- Re: SOI: identity protection and DOS Michael Thomas
- Re: SOI: identity protection and DOS Derek Atkins
- Re: On shared keys Ricky Charlet
- Re: On shared keys (was RE: SOI: identity protect… Derek Atkins
- Re: On shared keys (was RE: SOI: identity protect… Michael Thomas
- Re: SOI: identity protection and DOS david chen
- Re: SOI: identity protection and DOS david chen
- Re: SOI: identity protection and DOS Steven M. Bellovin
- Re: SOI: identity protection and DOS david chen
- Re: SOI: identity protection and DOS david chen
- Re: SOI: identity protection and DOS Derek Atkins
- Re: SOI: identity protection and DOS Steven M. Bellovin
- RE: On shared keys (was RE: SOI: identity protect… Andrew Krywaniuk
- RE: SOI: identity protection and DOS Andrew Krywaniuk
- Re: SOI: identity protection and DOS Derek Atkins
- Re: SOI: identity protection and DOS david chen
- Re: SOI: identity protection and DOS Richard Guy Briggs
- Re: SOI: identity protection and DOS Arne Ansper
- Re: Gee, shared secrets suck (was: Re: SOI: ident… David Jablon
- Re: SOI: identity protection and DOS Arne Ansper
- Re: SOI: identity protection and DOS Henry Spencer
- Re: SOI: identity protection and DOS Steven M. Bellovin
- Re: SOI: identity protection and DOS Henry Spencer
- RE: SOI: identity protection and DOS Paul Koning
- Gee, shared secrets suck (was: Re: SOI: identity … Joel Snyder
- Re: Gee, shared secrets suck (was: Re: SOI: ident… david chen
- Re: SOI: identity protection and DOS david chen
- Re: SOI: identity protection and DOS david chen
- Re: SOI: identity protection and DOS david chen
- Re: On shared keys Tylor Allison
- Re: SOI: identity protection and DOS david chen
- Re: SOI: identity protection and DOS Paul Koning
- RE: On shared keys (was RE: SOI: identity protect… Alex Alten
- RE: SOI: identity protection and DOS Andrew Krywaniuk
- RE: SOI: identity protection and DOS Hugo Krawczyk
- Re: SOI: identity protection and DOS david chen
- RE: On shared keys (was RE: SOI: identity protect… Dilkie, Lee
- Re: On shared keys (was RE: SOI: identity protect… Derek Atkins
- Re: On shared keys Jari Arkko
- Re: On shared keys (was RE: SOI: identity protect… Alex Alten
- Re: On shared keys (was RE: SOI: identity protect… david chen
- Re: On shared keys (was RE: SOI: identity protect… Derek Atkins
- Re: On shared keys sami.vaarala
- Re: On shared keys (was RE: SOI: identity protect… Paul Koning
- Re: On shared keys Derek Atkins
- Re: On shared keys Henry Spencer
- Re: Gee, shared secrets suck (was: Re: SOI: ident… Arne Ansper
- Re: On shared keys Derek Atkins
- Re: On shared keys Arne Ansper
- RE: On shared keys Wang, Cliff
- Re: On shared keys (was RE: SOI: identity protect… Stephen Kent
- Re: On shared keys Sami Vaarala
- Re: On shared keys Sami Vaarala
- RE: On shared keys (was RE: SOI: identity protect… Alex Alten
- Re: On shared keys Derek Atkins
- Re: On shared keys Sami Vaarala
- Re: On shared keys (was RE: SOI: identity protect… Sandy Harris
- Re: On shared keys (was RE: SOI: identity protect… david chen
- RE: On shared keys (was RE: SOI: identity protect… Khaja E. Ahmed
- RE: On shared keys (was RE: SOI: identity protect… Wang, Cliff
- RE: On shared keys (was RE: SOI: identity protect… Wang, Cliff
- Re: On shared keys (was RE: SOI: identity protect… Derek Atkins
- Re: On shared keys (was RE: SOI: identity protect… Derek Atkins
- RE: On shared keys (was RE: SOI: identity protect… Wang, Cliff
- Re: On shared keys (was RE: SOI: identity protect… Derek Atkins
- RE: On shared keys (was RE: SOI: identity protect… Wang, Cliff
- Re: On shared keys (was RE: SOI: identity protect… david chen
- Re: On shared keys (was RE: SOI: identity protect… Sandy Harris
- RE: On shared keys (was RE: SOI: identity protect… Wang, Cliff
- RE: On shared keys (was RE: SOI: identity protect… Wang, Cliff
- Re: On shared keys (was RE: SOI: identity protect… david chen
- RE: On shared keys (was RE: SOI: identity protect… Wang, Cliff
- Re: On shared keys (was RE: SOI: identity protect… david chen
- RE: On shared keys (was RE: SOI: identity protect… Wang, Cliff
- Re: On shared keys (was RE: SOI: identity protect… david chen
- RE: On shared keys (was RE: SOI: identity protect… Wang, Cliff
- Re: On shared keys (was RE: SOI: identity protect… david chen
- RE: SOI: identity protection and DOS Andrew Krywaniuk
- RE: On shared keys (was RE: SOI: identity protect… Wang, Cliff
- Re: On shared keys (was RE: SOI: identity protect… david chen
- RE: SOI: identity protection and DOS Hugo Krawczyk
- SA look up Jin Zhang
- RE: SA look up Li, Ruicong