[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CBC IV generation in ISAKMP/Oakley



>>Shawn Mamros (smamros@newoak.com) said on  4/17/97 at 1:05 PM
>The first message of a Phase 2/Quick Mode exchange uses
>a hash of the last Phase 1 CBC output block output block with the
>Phase 2 message ID as its IV, with later messages in that particular
>exchange using the last CBC encryption block from the previous message
>in the exchange.  (One can read Appendix B of the -03 draft for the
>rest of the details.)
>

Dan,
How does this solve the IV situation  when there are two simultaneous
quick modes going on.  We had discussed a while ago that if each side
is negotiating a quick mode with each other simultaneously (which can 
happen if SAs expire at the sime time) there's no way that using the last CBC
encryption block from the previous message in the exchange would work.
You had indicated that this was solved in V3.  I don't see the solution.


Edward Russell
erussell@ftp.com



Follow-Ups: