
Re: new IKE draft




Matt :

> 
> 
> >7. impose limits on the size of nonces: 8 <= len(nonce) <= 256 (section 5)
> >	3 March email from Tero Kivinen and 4 March email from Hilarie Orman
> 
> Just one question, in the RSA Encryption modes don't the nonces need to
> be smaller than the RSA modulus (so they can be encrypted/decrypted)?
> (Also what happens in the non-Revised mode if the identification payload is
> larger than what can be encrypted via the RSA modulus?)

I think you are right. Actually, for stronger security, I think the input to
RSA encryption should not be longer than 2/3 of the size of the modulus.
Hugo and Ran, am I right about this?

> 
> Also, in the RSA Encryption modes you can specify a hash of the certificate
> you are using.  How do you calculate the hash (since you have not finished 
> negotiating the hash algorithm)?

In main mode, this "cert-hash" is not sent until after negotiation is
completed. In aggressive mode, well, you have to be careful about what
you propose. Not only the hash algorithms have to be the same in all
proposed transforms, but the encryption algorithms, the prfs (if any),
the authentication methods and the groups have to be the same across
proposed transforms as well. As far as I can tell, the only thing that
can be different in aggressive mode is the lifetime.



Pau-Chen
 
> -- 
> Matt Thomas                    Internet:   matt.thomas@altavista-software.com
> Internet Locksmith             WWW URL:    <coming eventually>
> AltaVista Internet Software    Disclaimer: This message reflects my own
> Littleton, MA                              warped views, etc.
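
The two checks discussed in this message, as an added example that is not part of the original email or of the IKE draft: a nonce length check against both the 8..256 limit and the RSA modulus, and a check that an aggressive-mode offer varies only the lifetime across transforms. The attribute names, the sample offer, and the use of PKCS#1 v1.5 padding (11 bytes of overhead) for the hard limit are assumptions.

```python
# Added example; field names and sample values are constructed for illustration.
NONCE_MIN, NONCE_MAX = 8, 256    # byte limits quoted in the thread
PKCS1_V15_OVERHEAD = 11          # assumption: PKCS#1 v1.5 encryption padding
FIXED_ATTRS = ("encryption", "hash", "prf", "auth_method", "group")


def max_rsa_plaintext(modulus_bits, conservative=False):
    """Largest input (bytes) accepted for one RSA encryption.

    conservative=True applies the 2/3-of-modulus bound suggested in the
    reply instead of the padding-imposed hard limit.
    """
    k = (modulus_bits + 7) // 8          # modulus length in bytes
    return (2 * k) // 3 if conservative else k - PKCS1_V15_OVERHEAD


def check_nonce(nonce, modulus_bits, conservative=False):
    """Return a list of problems with a nonce used in an RSA encryption mode."""
    problems = []
    if not NONCE_MIN <= len(nonce) <= NONCE_MAX:
        problems.append(f"nonce length {len(nonce)} outside {NONCE_MIN}..{NONCE_MAX}")
    limit = max_rsa_plaintext(modulus_bits, conservative)
    if len(nonce) > limit:
        problems.append(f"nonce length {len(nonce)} exceeds RSA input limit {limit}")
    return problems


def check_aggressive_transforms(transforms):
    """Return the attributes that differ across transforms.

    In aggressive mode only the lifetime may vary, so any name returned
    here marks an offer the sender should not make.
    """
    return [attr for attr in FIXED_ATTRS
            if len({t.get(attr) for t in transforms}) > 1]


if __name__ == "__main__":
    # Constructed offer: the second transform changes the hash algorithm.
    base = {"encryption": "3DES", "hash": "SHA", "prf": None,
            "auth_method": "rsa-enc", "group": 2, "lifetime": 3600}
    offer = [base, dict(base, hash="MD5", lifetime=600)]
    print(check_aggressive_transforms(offer))
    # A 256-byte nonce passes the size limit but cannot fit a 1024-bit modulus.
    print(check_nonce(bytes(256), 1024))
```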

