
Comments on ISAKMP/Oakley - 04



Hi,

I have the following comments/questions on the new version of
ISAKMP/Oakley:

1) Main and Aggressive Modes authenticated with public key encryption
- On page 4 it is stated that PFS is provided for both keys and 
identities, but how do the modes authenticated with public key 
encryption provide PFS for the identities?

- The initiator optionally sends HASH(1) to tell the responder 
which public key was used.
Why doesn't the responder send a corresponding HASH 
when the initiator has more than one certificate?

- Both initiator and responder encrypt nonces and identities 
(<ID>PubKey, <N>PubKey) in two steps.
An attacker could intercept the messages and insert 
their own identity. Currently, I don't know how to build a 
successful attack based on this 'weakness', but I propose to
resolve this potential weakness by encrypting the concatenation
(<ID || N>PubKey) instead.

2) The hash values HASH_I and HASH_R for authentication are 
computed over SAp, ...
SAp is defined as the entire body of the SA payload offered 
by the initiator. Is it a misprint, or why is HASH_R computed 
over the initiator's and not over the responder's SA payload?

Michael
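
Added example, not part of the original message or of the draft: a sketch of what binding both hashes to the initiator's SA offer (point 2) lets the initiator detect, namely an offer that was altered before the responder saw it. It assumes the hash inputs as later published in RFC 2409 (which may differ from the -04 draft's wording), HMAC-SHA1 as the prf, and constructed values for every key, cookie, identity and SA body.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA1 stands in for the negotiated prf.
    return hmac.new(key, data, hashlib.sha1).digest()


def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sa_offer, id_i):
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SA offer | ID_I)
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sa_offer + id_i)


def hash_r(skeyid, g_xi, g_xr, cky_i, cky_r, sa_offer, id_r):
    # HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SA offer | ID_R)
    # Same SA offer as HASH_I: the body the initiator proposed.
    return prf(skeyid, g_xr + g_xi + cky_r + cky_i + sa_offer + id_r)


# Constructed session values (not taken from any real exchange).
SKEYID = bytes(range(20))
G_XI, G_XR = b"\x11" * 96, b"\x22" * 96
CKY_I, CKY_R = b"\xa1" * 8, b"\xb2" * 8
ID_R = b"responder.example"

# Constructed stand-ins for the SA payload body (all proposals offered).
OFFER_SENT = b"proposal:3DES-SHA1|proposal:DES-MD5"
OFFER_STRIPPED = b"proposal:DES-MD5"  # stronger proposal removed in transit


def responder_hash_verifies(sa_sent: bytes, sa_received: bytes) -> bool:
    """Initiator-side check of HASH_R.

    The responder hashes the SA offer it received; the initiator
    recomputes the hash over the SA offer it actually sent.
    """
    from_responder = hash_r(SKEYID, G_XI, G_XR, CKY_I, CKY_R, sa_received, ID_R)
    expected = hash_r(SKEYID, G_XI, G_XR, CKY_I, CKY_R, sa_sent, ID_R)
    return hmac.compare_digest(from_responder, expected)


if __name__ == "__main__":
    print("untouched offer:", responder_hash_verifies(OFFER_SENT, OFFER_SENT))
    print("stripped offer: ", responder_hash_verifies(OFFER_SENT, OFFER_STRIPPED))
```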

