[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: ID payload in wrong msg? (was RE: More questions on ID types)
Vipul,
> > I think there is another problem however. For the mandatory
> > case of Authentication with Pre-Shared Key & Main Mode, it
> > seems to me that the ID payload is in the "wrong" message.
> > The pre-shared key needs to be accessed before the message
> > with the ID payload can be decrypted. The spec says that the
>
> [Other stuff deleted]
>
> Is this really true? I was under the impression that the
> key used for decryption is derived purely from the shared
> secret (as in g^xy mod p) established by the key exchange
> in messages 3 and 4 of main mode (i.e. the second messages
> of the initiator and responder, respectively). This is
> independent of the "shared secret" (say S) used for
> authentication.
For authentication with pre-shared keys, the SKEYID value seems
to be a function of the pre-shared key and the nonces, and this
is then used to calculate the SKEYID_e value, which is used for
encryption and decryption.
If it is too late to twiddle with Main Mode in the shared-key
case, then perhaps Agressive mode needs to be made mandatory
for hosts that don't have a fixed IP address.
Bryan