
Negotiated Hash Algorithms in ISAKMP/OAKLEY



Is this a correct interpretation of the ISAKMP/OAKLEY spec:

All hashes used in messages and keying material are the NATIVE form of the negotiated hash algorithm,
which is either MD5 or SHA.

The ONLY time the HMAC version of MD5 or SHA is used is during the Oakley Phase 1 authentication
(specifically, in authentication with a pre-shared key, the HASH_I and HASH_R will be the HMAC version
of MD5 or SHA depending on what was negotiated). 

Correct?

(If I am incorrect and you can actually negotiate to use HMAC MD5 or NATIVE MD5 for example, then
what is the Oakley number for that, does it need to be supported, and what would you use during
authentication? The HMAC version of HMAC MD5 for example?????)





Edward Russell
erussell@ftp.com


