To: "Damion K. Wilson" <dwilson,AT,ibl,DOT,bm>
Subject: Re: CIPE-Win32: communication breakdown
From: Alan Stern <stern,AT,rowland,DOT,harvard,DOT,edu>
Date: Fri, 6 Jun 2003 15:31:28 -0400 (EDT)
Cc: Christof Meerwald <cmeerw,AT,web,DOT,de>, <cipe-l,AT,inka,DOT,de>
In-reply-to: <200306061439.13950.dwilson@ibl.bm>

On Fri, 6 Jun 2003, Damion K. Wilson wrote:

> I don't think that this approach is wrong, and it's intentionally written
> that way. If A says to B: "I'm changing my key, here it is" and B never says:
> "I got it, go ahead" then there has been no successful key exchange so both A
> and B must try again.
>
> I didn't know that CIPE invalidates the key before receipt of the NK_IND has
> been acknowledged by the peer. If the NK_ACK wasn't necessary, why have it at
> all?
>
> Olaf, if you're listening, do you have any guidance?

My memory may be a little rusty, but I think Christof was right.  The 
reason for the NK_ACK message is that CIPE won't start to use the new key 
until the NK_ACK is received.  Until then it will fall back on the static 
key.

At least, that's what the documentation says.  Maybe the implementation is 
different.

Alan Stern
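
The behaviour discussed in this message, as an added sketch that is not part of the original e-mail and is not CIPE code: the sender of an NK_IND keeps sending under the static key until the NK_ACK arrives. The `Peer` class, the key values and the message tuples are constructed for illustration, and the ACK simply echoes the key as a simplifying assumption.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

STATIC_KEY = b"static-key-constructed"   # constructed sample value
NEW_KEY = b"session-key-constructed"     # constructed sample value

Message = Tuple[str, bytes]

@dataclass
class Peer:
    name: str
    send_key: Optional[bytes] = None     # dynamic send key; None means "use static"
    recv_key: Optional[bytes] = None     # dynamic receive key learned from NK_IND
    pending: Optional[bytes] = None      # key offered in NK_IND, not yet acknowledged

    def current_send_key(self) -> bytes:
        return self.send_key if self.send_key is not None else STATIC_KEY

    def offer_key(self, new_key: bytes) -> Message:
        # Announce a new send key. Until the peer acknowledges it, the sender
        # has no valid dynamic key and falls back on the static key.
        self.send_key = None
        self.pending = new_key
        return ("NK_IND", new_key)

    def on_message(self, msg: Message) -> Optional[Message]:
        kind, key = msg
        if kind == "NK_IND":
            self.recv_key = key          # accept the peer's new key for receiving
            return ("NK_ACK", key)       # assumption: the ACK echoes the key
        if kind == "NK_ACK" and key == self.pending:
            self.send_key, self.pending = key, None   # only now switch keys
        return None

    def can_decrypt(self, key_used: bytes) -> bool:
        # The static key stays acceptable, so fallback traffic still gets through.
        return key_used in (STATIC_KEY, self.recv_key)

def exchange(ack_delivered: bool) -> Tuple[bytes, bool]:
    """Run one NK_IND/NK_ACK round; return (key A sends with, B can decrypt)."""
    a, b = Peer("A"), Peer("B")
    ack = b.on_message(a.offer_key(NEW_KEY))
    if ack_delivered and ack is not None:
        a.on_message(ack)
    key_used = a.current_send_key()
    return key_used, b.can_decrypt(key_used)

if __name__ == "__main__":
    print("ACK delivered:", exchange(True))
    print("ACK lost:     ", exchange(False))
```

In this model a lost NK_ACK does not break the link; it leaves A's traffic on the static key until a later exchange succeeds.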
