SKEYID lengths and IVs

[owner-ipsec@ex.tis.com]

Hi.  I had some questions on Appendix B of the Resolution draft:

1. SKEYID length:  Appendix B of the resolution draft explains a method to
increase the length of the SKEYIDs if the output of the PRF is not long
enough.  How is the length of the SKEYIDs determined in the first place?
Is it 'atleast' 90 bits as per the Oakley draft?  Also, if SKEYID_d is
going to be derived this way, what is the reason for expanding SKEYID?  Is
this method for use with SKEYID_d only or would it be used for SKEYID_e
also?  If it is to be used with SKEYID_e, then why use the key expansion
method described later on instead of just expanding SKEYID_e, and then
using the required number of octets from it as the encryption key?

2. IV generation for phase 2 messages:  Appendix B also describes how to
generate IVs for encrypting phase 2 exchanges.  It states that the IV for
the first phase 2 message is derived from a hash of the concatenation of
the last phase 1CBC output block and the phase 2 message id.  Since the
Aggressive exchange does not encrypt any messages, there would be no phase
1CBC output blocks.  How would the phase 2 IV be derived in this case?
Should the hash of the concatenation of the two sides' public
Diffie-Hellman values be used instead?

Thanks,

Sumit A. Vakil
3Com, Corp.

---

• Prev by Date: Re: (NAT) Re: Interactions between IPSEC and NAT
• Next by Date: Re: (NAT) Re: Interactions between IPSEC and NAT
• Prev by thread: Re: (NAT) Re: Interactions between IPSEC and NAT
• Next by thread: RE: SKEYID lengths and IVs
• Index(es):
  • Main
  • Thread