1- Is the proposal sent in messages 1 & 2 in plain text or secured? If secure, how?
They are sent in the clear, as there is nothing to encrypt them at this point. Messages 5-6, which contain the identity, are encrypted though.
Would you please teach me the use of the cookie and nonce?
I have read lots of articles, but I really don't get the point of the cookie or how it protects from replay attacks and man-in-the-middle.
And I only know that the nonce is used with the preshared key to create a seed to be used with the DH session key to derive new keys.
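
The derivation the last question refers to, as an added example that is not part of the original thread. It assumes IKEv1 with pre-shared key authentication as specified in RFC 2409 and HMAC-SHA1 as the negotiated prf; the PSK, DH secret, cookies and nonces are constructed sample values.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA1 was negotiated as the prf in messages 1-2.
    return hmac.new(key, data, hashlib.sha1).digest()


def derive_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """RFC 2409 section 5 key material for pre-shared key authentication."""
    # The seed: both nonces keyed with the pre-shared key.
    skeyid = prf(psk, ni + nr)
    # Each derived key mixes in the DH shared secret and both cookies.
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")             # keys for later SAs
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # authentication
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # encrypts messages 5-6
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


# Constructed sample inputs (not taken from any real exchange).
PSK = b"constructed-psk"
G_XY = bytes(range(32))              # stands in for the DH shared secret
CKY_I, CKY_R = b"\x11" * 8, b"\x22" * 8
NI_1, NR_1 = b"\xa1" * 16, b"\xb1" * 16
NI_2, NR_2 = b"\xa2" * 16, b"\xb2" * 16


def demo():
    """Same PSK, DH secret and cookies; only the nonces differ."""
    first = derive_keys(PSK, NI_1, NR_1, G_XY, CKY_I, CKY_R)
    second = derive_keys(PSK, NI_2, NR_2, G_XY, CKY_I, CKY_R)
    return first, second


if __name__ == "__main__":
    first, second = demo()
    for name in first:
        print(name, first[name].hex(), second[name].hex())
```

Because fresh nonces feed SKEYID, key material from one exchange does not match the next one even when the pre-shared key is unchanged.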