"Damion K. Wilson" <dwilson,AT,ibl,DOT,bm>|
Re: CIPE-Win32: communication breakdown|
Alan Stern <stern,AT,rowland,DOT,harvard,DOT,edu>|
Fri, 6 Jun 2003 15:31:28 -0400 (EDT)|
Christof Meerwald <cmeerw,AT,web,DOT,de>, <cipe-l,AT,inka,DOT,de>|
On Fri, 6 Jun 2003, Damion K. Wilson wrote:
> I don't think that this approach is wrong, and it's intentionally written
> way. If A says to B: "I'm changing my key, here it is" and B never says:
> got it, go ahead" then there has been no successful key exchange so both A
> and B must try again.
> I didn't know that CIPE invalidates the key before receipt of the NK_IND
> been acknowledged by the peer. It the NK_ACK wasn't necessary, why have it
> all ?
> Olaf, if you're listening, do you have any guidance ?
My memory may be a little rusty, but I think Christof was right. The
reason for the NK_ACK message is that CIPE won't start to use the new key
until the NK_ACK is received. Until then it will fall back on the static
At least, that's what the documentation says. Maybe the implementation is