Vidya,

On Sun, Feb 18, 2007 at 11:20:54PM -0800, Narayanan, Vidya wrote:

(snip)

> > Going back to your proposed text:
> >
> > "It is RECOMMENDED that the key transport protocol be able to detect
> > impersonation. When it is not feasible to guarantee that, every key
> > handed out from the server to an entity for a given peer MUST be
> > different from every other key handed out for a given peer."
> >
> > I think that detection of impersonation is part of the
> > "Authenticate all parties" *requirement* (not a recommendation).
> >
> I don't think it is a "requirement" - and the reason I believe that is
> due to the second sentence in that text above. This is what I tried to
> explain in much greater detail in my first response to Sam on this
> thread. As long as no two keys distributed from the server are the same,
> even to the same perceived identity, there is nothing that a lying
> entity can do to sessions with other entities. So, as long as a solution
> satisfies that criterion, it is not a MUST to detect impersonation. But,
> I do agree that it would be much better if the detection was done by the
> key transport mechanism - hence, I think "RECOMMENDED" is appropriate :)
>

I believe this is a requirement. If it is hard for a particular AAA key
management framework to satisfy this requirement in a particular usage,
I think that the right way to do it is to have some text in the
corresponding framework document about the potential vulnerability in
that usage, rather than trying to relax the requirement itself.

Yoshihiro Ohba

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf