[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

two questions?

To: ipsec@tis.com
Subject: two questions?
From: Hua Lin <hlin@gmu.edu>
Date: Mon, 9 Nov 1998 21:26:59 -0500 (EST)
Sender: owner-ipsec@ex.tis.com

Hello, all,

After reading the IKE document (draft-ietf-ipsec-isakmp-oakley-08.txt), I
have the following questions.  Could somebody clarify it for me?  Thank
you in advance!
	#1. It seems that I have not caught some typing conventions. There
	    are g^xi, g^xr, and g^xy in IKE document.  I just wonder what
	    are enclosed in KE payload (ephemeral values) and what are
	    pre-established (long term). g^xy is used to derive SKEYID and
	    g^xi, g^xr are used to compute the HASH_I, HASH_R.

	#2. In IKE phase 1 Authenticated with Signatures, SIG_I and SIG_R
	    needs to be computed and it is stated that (in Page 9) "SIG_I
	    or SIG_R, is the result of the negotiated digital signature
	    algorithm applied to HASH_I or HASH_R".  But at the same time,
	    a CERT is included in the message.   Isn't this CERT used to
	    verify the signature?  If yes, then the algorithm used to
	    verify the signature should be in the CERT (generally CERT
	    will contain a field about the algorithm).  How to explain
	    this?

I will greatly appreciate your time if you can clarify this!

Thank you!

Hua

Prev by Date: IPSEC Policy Selectors and ISAKMP
Next by Date: I-D ACTION:draft-ietf-ipsec-isakmp-xauth-03.txt
Prev by thread: IPSEC Policy Selectors and ISAKMP
Next by thread: I-D ACTION:draft-ietf-ipsec-isakmp-xauth-03.txt
Index(es):
- Main
- Thread