Discussion:
[anonsec] Propose dropping asymmetric CBB
Sam Hartman
2006-03-20 21:49:06 UTC
Permalink
I propose that we drop the applicability statement for asymmetric CBB because I don't think it is useful.

I think the other applicability statements are much better than in
previous versions.

--Sam
Joe Touch
2006-03-20 22:19:22 UTC
Permalink
Should it be included as a variant for completeness, but the lack of
currently known utility / motivation noted?
Post by Sam Hartman
I propose that we drop the applicability statement for asymmetric CBB because I don't think it is useful.
I think the other applicability statements are much better than in
previous versions.
--Sam
_______________________________________________
Sam Hartman
2006-03-20 23:06:34 UTC
Permalink
Joe> Should it be included as a variant for completeness, but the
Joe> lack of currently known utility / motivation noted?

No, because I think it has security problems and I don't want to spend
the effort doing analysis unless we have a justification for that
work.



Let me make sure I understand what you mean though. You consider this
the case where one side verifies the channel binding but the other
side does not, not the case where you use channel bindings but one
side has full IKE, right?
Joe Touch
2006-03-20 23:10:28 UTC
Permalink
Is it worth mentioning "here it is, we're not discussing it due to
concerns about security problems"? I'm concerned about not addressing it
at all; I don't want to leave an open door for an update to miss ;-)

Joe
Post by Sam Hartman
Joe> Should it be included as a variant for completeness, but the
Joe> lack of currently known utility / motivation noted?
No, because I think it has security problems and I don't want to spend
the effort doing analysis unless we have a justification for that
work.
Let me make sure I understand what you mean though. You consider this
the case where one side verifies the channel binding but the other
side does not, not the case where you use channel bindings but one
side has full IKE, right?
Loading...