
Nonce lengths in ISAKMP messages



     Hi.  I had a few questions on nonces:
     What should the length of the nonces in the ISAKMP messages be? 
     According to draft-ietf-ipsec-oakley-02, section 2.3.1:
     
     Where nonces are indicated, they will be variable precision integers 
     with an entropy value that matches the "strength" attribute of the 
     GRP used with the exchange.  If no GRP is indicated, the nonces must 
     be at least 90 bits long.
     
     And, sections E.1 and E.2 of the same draft state that the strength of 
     the 768 bit and 1024 bit MODP groups is 26.
     
     So, for these two groups should the nonces be at least 26 bits long but 
     could be any reasonable length > 26?  Does it matter if the initiator and 
     responder nonces are of different lengths (so long as they are at least 
     'strength' bits long)?  Is there a set method to determine this length?
     
     Thanks,
     
     Sumit A. Vakil
     Software Engineer
     3Com Corporation

