
Re: CBC IV generation in ISAKMP/Oakley



Ed Russell wrote:
> >Shawn Mamros (smamros@newoak.com) said on  4/17/97 at 1:05 PM
> >The first message of a Phase 2/Quick Mode exchange uses
> >a hash of the last Phase 1 CBC output block with the
> >Phase 2 message ID as its IV, with later messages in that particular
> >exchange using the last CBC encryption block from the previous message
> >in the exchange.  (One can read Appendix B of the -03 draft for the
> >rest of the details.)
> 
> How does this solve the IV situation when there are two simultaneous
> quick modes going on?  We had discussed a while ago that if each side
> is negotiating a quick mode with each other simultaneously (which can 
> happen if SAs expire at the same time) there's no way that using the last CBC
> encryption block from the previous message in the exchange would work.
> You had indicated that this was solved in V3.  I don't see the solution.

  The IV for Quick Mode is hash(phase1-IV | message-ID). Since the message-ID
is unique for each quick mode, the IV will be different. This is the IV
for this Quick Mode; after it's over, the IV and all associated state
go away. The next Quick Mode has another (new and different) IV. If
two start simultaneously, they'll each have a different IV. The message-id
in the header lets you identify the state (incl. the IV) for this particular
exchange. The IVs are still running; there is a defined start (so each side
has the same one), but after processing each Quick Mode packet it changes
until the Quick Mode ends, then it goes away.

  Dan.
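
The per-exchange IV bookkeeping described in the reply above, as an added example that is not part of the original message or of the draft. The class and function names, SHA-1 as the hash, the 8-byte block size, truncating the hash to the block size, the 4-byte message-IDs and all sample bytes are assumptions made for illustration.

```python
import hashlib

BLOCK = 8  # assumed cipher block size (e.g. DES-CBC)


class QuickModeIVs:
    """CBC IV state for one Phase 1 SA, kept separately per message-ID."""

    def __init__(self, phase1_last_block: bytes):
        if len(phase1_last_block) != BLOCK:
            raise ValueError("phase 1 block must be exactly one cipher block")
        self._phase1 = phase1_last_block
        self._iv = {}  # message-ID -> current IV of that Quick Mode

    def current_iv(self, message_id: bytes) -> bytes:
        # First packet of an exchange: IV = hash(phase1-IV | message-ID).
        # SHA-1 and truncation to the block size are assumptions here.
        if message_id not in self._iv:
            digest = hashlib.sha1(self._phase1 + message_id).digest()
            self._iv[message_id] = digest[:BLOCK]
        return self._iv[message_id]

    def packet_processed(self, message_id: bytes, ciphertext: bytes) -> None:
        # Later packets chain from the last CBC block of the previous
        # packet in the SAME exchange; other exchanges are untouched.
        if len(ciphertext) < BLOCK or len(ciphertext) % BLOCK:
            raise ValueError("ciphertext is not a whole number of CBC blocks")
        self.current_iv(message_id)  # make sure the exchange has state
        self._iv[message_id] = ciphertext[-BLOCK:]

    def end(self, message_id: bytes) -> None:
        # Quick Mode finished: its IV and associated state go away.
        self._iv.pop(message_id, None)

    def active(self):
        return set(self._iv)


def demo():
    ivs = QuickModeIVs(bytes.fromhex("0011223344556677"))  # constructed block
    a = bytes.fromhex("0000a001")  # constructed message-ID, exchange A
    b = bytes.fromhex("0000b002")  # constructed message-ID, exchange B
    start_a, start_b = ivs.current_iv(a), ivs.current_iv(b)
    # Constructed bytes standing in for the ciphertext of A's first packet.
    ivs.packet_processed(a, bytes(range(16)))
    return ivs, a, b, start_a, start_b
```

Because the state is looked up by the message-ID in the header, packets from two simultaneous Quick Modes can arrive interleaved without either exchange disturbing the other's IV chain.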


