[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: issues with IKE that need resolution

To: Daniel Harkins <dharkins@cisco.com>
Subject: Re: issues with IKE that need resolution
From: "H.Krawczyk" <hugo@watson.ibm.com>
Date: Thu, 17 Sep 1998 14:54:20 -0400 (EDT)
Cc: Shawn Mamros <Shawn_Mamros@BayNetworks.COM>, ipsec@tis.com
In-Reply-To: <199809171543.IAA25977@chip.cisco.com>
Sender: owner-ipsec@ex.tis.com

Nonces are always needed to preserve freshness of authentication 
(i.e., to protect against replay attacks). 
If you ASSUME M-ID to be random and unique, that may suffice
(though I personally do not like basing security in fields such as
M-ID or SPI which do not hve an obvious or intrinsic security
functionality)

Hugo

On Thu, 17 Sep 1998, Daniel Harkins wrote:

>   Yes, that's right. Do you think it should contain the nonces?
> 
>   Dan.
> 
> On Thu, 17 Sep 1998 11:26:01 EDT you wrote
> > Am I right in assuming that the fourth message looks like this (using
> > IKE draft notation):
> > 
> >         Initiator                        Responder
> >        -----------                      -----------
> >                                   <--    HDR*, HASH(4), Notify
> > where
> >        HASH(4) = prf(SKEYID_a, M-ID | Notify)
> > 
> > That would be what I'd expect, but some of the other Quick Mode hashes
> > require Nonce data from previous messages.  Just want to make it all
> > explicit, that's all...
> 
>

References:

Re: issues with IKE that need resolution

From: Daniel Harkins <dharkins@cisco.com>

Prev by Date: Re: issues with IKE that need resolution
Next by Date: RE: issues with IKE that need resolution
Prev by thread: Re: issues with IKE that need resolution
Next by thread: Re: issues with IKE that need resolution
Index(es):
- Main
- Thread