Re: change in isakmp/oakley
In message <199709251439.RAA10983@ee.technion.ac.il>, Hugo Krawczyk writes:
>
> You cannot complain to me about continuous changes
> in the spec.
Don't feel personally slighted; I'm complaining to everyone about changes
these days. It's time to do the BGP thing, and get the standard deployed,
and make incompatible changes in the *next* version.
> changing the use of hash() to that of prf() in order
> to gain uniformity in the way SKEYID is derived in all
> different modes. However, as I said, the mixing of keys (Ni and Nr)
> needed in SKEME cannot be guaranteed (in general) using a prf
> as draft 04 does. Cryptographic hash functions as used in the
> original SKEME and in draft-03 are better suited for that.
Almost all implementors are currently using MD5 or SHA as the prf. I doubt
that anyone has even implemented anything else.
> Now, since the isakmp/oakley draft is going to change
> anyway, this one is well worth doing. As I said, this change
> does not require or influence changes in other parts of the
> spec.
My understanding is that the IO draft changes are primarily editorial. Your
proposal, like the padding change in ESP, breaks every single existing
implementation. Many people here have been having a difficult time getting
the hashing of the various SKEYIDs and other hashes correct as it is, and
they're extremely difficult to debug.
I repeat: If this is a MUST change, we should consider it. Otherwise, take
it to IPsecond.
All MHO, naturally.
--
Harald