RE: ID payload in wrong msg? (was RE: More questions on ID types)



Vipul,

> > I think there is another problem however. For the mandatory
> > case of Authentication with Pre-Shared Key & Main Mode, it 
> > seems to me that the ID payload is in the "wrong" message.
> > The pre-shared key needs to be accessed before the message 
> > with the ID payload can be decrypted. The spec says that the 
>  
>   [Other stuff deleted]
> 
>    Is this really true? I was under the impression that the
>    key used for decryption is derived purely from the shared
>    secret (as in g^xy mod p) established by the key exchange 
>    in messages 3 and 4 of main mode (i.e. the second messages
>    of the initiator and responder, respectively). This is
>    independent of the "shared secret"  (say S) used for 
>    authentication. 

For authentication with pre-shared keys, the SKEYID value seems 
to be a function of the pre-shared key and the nonces, and this 
is then used to calculate the SKEYID_e value, which is used for 
encryption and decryption.  

If it is too late to twiddle with Main Mode in the shared-key 
case, then perhaps Aggressive mode needs to be made mandatory 
for hosts that don't have a fixed IP address. 

Bryan
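
Added example, not part of the original message: a sketch of the pre-shared-key derivation discussed above, using the formulas published in RFC 2409, to show that the responder must already have chosen a pre-shared key before it can compute SKEYID_e and decrypt the message carrying the ID payload. HMAC-SHA1 as the prf, the address-keyed table, the function names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated prf is HMAC-SHA1.
    return hmac.new(key, data, hashlib.sha1).digest()

def derive_skeyid_e(psk, ni, nr, g_xy, cky_i, cky_r):
    """SKEYID_e for pre-shared-key authentication (RFC 2409 formulas)."""
    skeyid = prf(psk, ni + nr)              # SKEYID = prf(psk, Ni_b | Nr_b)
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")  # prf(SKEYID, g^xy | CKY-I | CKY-R | 0)
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    return prf(skeyid, skeyid_a + tail + b"\x02")

# Constructed sample state after main mode messages 1-4 (not real traffic).
NI, NR = b"\x11" * 16, b"\x22" * 16
G_XY = b"\x33" * 96                         # stands in for g^xy mod p
CKY_I, CKY_R = b"\xaa" * 8, b"\xbb" * 8

# Hypothetical responder policy: keys can only be indexed by source address,
# because the peer's ID payload is still encrypted at this point.
PSK_BY_ADDRESS = {
    "192.0.2.10": b"key-for-site-a",
    "192.0.2.20": b"key-for-site-b",
}

def responder_key_for_message_5(peer_ip):
    """Return the key needed to decrypt message 5, or None if no PSK matches."""
    psk = PSK_BY_ADDRESS.get(peer_ip)
    if psk is None:
        # A peer with a dynamic address lands here: the ID that would
        # identify it is inside the message that cannot be decrypted.
        return None
    return derive_skeyid_e(psk, NI, NR, G_XY, CKY_I, CKY_R)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7"):
        key = responder_key_for_message_5(ip)
        print(ip, key.hex() if key else "no pre-shared key for this address")
```

The same g^xy yields a different SKEYID_e for each pre-shared key, so the Diffie-Hellman secret alone is not enough to decrypt the ID payload.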