[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: new IKE draft

To: Daniel Harkins <dharkins@cisco.com>
Subject: Re: new IKE draft
From: Matt Thomas <matt@ljo.dec.com>
Date: Sat, 14 Mar 1998 09:39:54 -0500
Cc: ipsec@tis.com
In-Reply-To: <199803132034.MAA24565@dharkins-ss20.cisco.com>
Sender: owner-ipsec@ex.tis.com


>7. impose limits on the size of nonces: 8 <= len(nonce) <= 256 (section 5)
>	3 March email from Tero Kivinen and 4 March email from Hilarie Orman

Just one question, in the the RSA Encryption modes don't the nonces need to
be smaller than the RSA modulus (so they can be encrypted/decrypted)?
(Also what happens in the non-Revised mode if the identification payload is
larger than what can be encrypted via the RSA modulus?)

Also, in the RSA Encryption modes you can specify a hash of the certificate
you are using.  How do you calculate the hash (since you have not finished 
negotiating the hash algorithm)?  
-- 
Matt Thomas                    Internet:   matt.thomas@altavista-software.com
Internet Locksmith             WWW URL:    <coming eventually>
AltaVista Internet Software    Disclaimer: This message reflects my own
Littleton, MA                              warped views, etc.

References:

new IKE draft

From: Daniel Harkins <dharkins@cisco.com>

Prev by Date: Re: AH/ESP drafts
Next by Date: Re: ESP_NULL internet draft submitted
Prev by thread: new IKE draft
Next by thread: Re: new IKE draft
Index(es):
- Main
- Thread