[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: issues with IKE that need resolution
Nonces are always needed to preserve freshness of authentication
(i.e., to protect against replay attacks).
If you ASSUME M-ID to be random and unique, that may suffice
(though I personally do not like basing security in fields such as
M-ID or SPI which do not hve an obvious or intrinsic security
functionality)
Hugo
On Thu, 17 Sep 1998, Daniel Harkins wrote:
> Yes, that's right. Do you think it should contain the nonces?
>
> Dan.
>
> On Thu, 17 Sep 1998 11:26:01 EDT you wrote
> > Am I right in assuming that the fourth message looks like this (using
> > IKE draft notation):
> >
> > Initiator Responder
> > ----------- -----------
> > <-- HDR*, HASH(4), Notify
> > where
> > HASH(4) = prf(SKEYID_a, M-ID | Notify)
> >
> > That would be what I'd expect, but some of the other Quick Mode hashes
> > require Nonce data from previous messages. Just want to make it all
> > explicit, that's all...
>
>
References: