
Re: change in isakmp/oakley



In message <199709251439.RAA10983@ee.technion.ac.il>, Hugo Krawczyk writes:
> 
> You cannot complain to me about continuous changes
> in the spec.

Don't feel personally slighted; I'm complaining to everyone about changes
these days. It's time to do the BGP thing, and get the standard deployed,
and make incompatible changes in the *next* version.

> changing the use of hash() to that of prf() in order
> to gain uniformity in the way SKEYID is derived in all 
> different modes. However, as I said, the mixing of keys (Ni and Nr)
> needed in SKEME cannot be guaranteed (in general) using a prf
> as draft 04 does. Cryptographic hash functions as used in the
> original SKEME and in draft-03 are better suited for that. 

Almost all implementors are currently using MD5 or SHA as the prf. I doubt
that anyone has even implemented anything else.

> Now, since the isakmp/oakley draft is going to change 
> anyway, this one is well worth doing. As I said, this change
> does not require or influence changes in other parts of the 
> spec.

My understanding is that the IO draft changes are primarily editorial.  Your
proposal, like the padding change in ESP, breaks every single existing
implementation. Many people here have been having a difficult time getting
the hashing of the various SKEYIDs and other hashes correct as it is, and
they're extremely difficult to debug.

I repeat: If this is a MUST change, we should consider it. Otherwise, take
it to IPsecond.

All MHO, naturally.

-- 
Harald

