Comments on ISAKMP/Oakley - 04
Hi,
I have the following comments/questions on the new version of
ISAKMP/Oakley:
1) Main and Aggressive Modes authenticated with public key
encryption
- On page 4 it is stated that PFS is provided for both keys and
identities, but how do the modes authenticated with public key
encryption provide PFS for the identities?
- The initiator optionally sends HASH(1) to tell the responder
which public key was used.
Why doesn't the responder send a corresponding HASH
when the initiator has more than one certificate?
- Both initiator and responder encrypt nonces and identities
(<ID>PubKey, <N>PubKey) in two steps.
An attacker could intercept the messages and insert
their own identity. Currently, I don't know how to build a
successful attack based on this 'weakness', but I propose to
resolve this potential weakness by encrypting the concatenation
(<ID || N>PubKey) instead.
2) The hash values HASH_I and HASH_R for authentication are
computed over SAp, ...
SAp is defined as the entire body of the SA payload offered
by the initiator. Is it a misprint, or why is HASH_R computed
over the initiator's and not over the responder's SA payload?
Michael