[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

change in isakmp/oakley



I would like to request a change in the isakmp/oakley resolution draft. 

In  version 03 of the draft the value of SKEYID for the encryption mode
was defined as: 

              SKEYID = hash(Ni | Nr)

Later in version 04 it was changed to:

              SKEYID = prf(Ni | Nr, CKY-I | CKY-R)

This was done for the sake of uniformity with the derivation of SKEYID
in the other modes which use a prf.

However, Moni Naor pointed out to me that  this last form may not
provide all the mixing of Ni and Nr as required for the security of
the authentication. To guarantee such a mixing I ask to change it back 
to the form of draft 03 or even better to

             SKEYID = hash(Ni | Nr | CKY-I | CKY-R)

(where hash is the negotiated hash algorithm).

This change has no impact on any other part of the specification.
If anyone has an objection to this please let me (and the list) know. 
Otherwise, I'd like to ask Dan Harkins to document this form in draft 05.
(Same is applicable to the "revised encryption mode".)

Thanks,

Hugo

PS: Let me clarify that I was responsible for the original definition in
draft 03 (which follows my own design in SKEME) and also for requesting 
the change that was reflected in 04, and which I am undoing now (back to
SKEME)... 



Follow-Ups: