
Re: change in isakmp/oakley



Hilarie and Harald,

You cannot complain to me about continuous changes
in the spec. All changes I ever asked were motivated by
design and security needs of the protocol, and except for 
the current one, I never asked to change my own specifications. 
The reason that some of the design details kept changing is not because 
I changed my mind, or my cryptographic understanding, but because 
the changes I asked for were only accepted gradually by the WG and 
editors.

My own proposal goes back to 1995 and has not changed
since then. It is documented in my SKEME paper published in
Feb 1996. This design was (and is) stable, sound, and unchanging.
Unfortunately, it took time to get the right details
into the ipsec protocols. Actually, they are not all
there, but I would not ask for any changes that are not
absolutely necessary.

One exception is the change from draft 03 to 04 as I described 
in my previous message. In that case, I "fell to the temptation" of 
changing the use of hash() to that of prf() in order
to gain uniformity in the way SKEYID is derived in all 
different modes. However, as I said, the mixing of keys (Ni and Nr)
needed in SKEME cannot be guaranteed (in general) using a prf
as draft 04 does. Cryptographic hash functions as used in the
original SKEME and in draft-03 are better suited for that. 

Now, since the isakmp/oakley draft is going to change 
anyway, this one is well worth doing. As I said, this change
does not require or influence changes in other parts of the 
spec.

Hugo


