[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
two questions?
Hello, all,
After reading the IKE document (draft-ietf-ipsec-isakmp-oakley-08.txt), I
have the following questions. Could somebody clarify it for me? Thank
you in advance!
#1. It seems that I have not caught some typing conventions. There
are g^xi, g^xr, and g^xy in IKE document. I just wonder what
are enclosed in KE payload (ephemeral values) and what are
pre-established (long term). g^xy is used to derive SKEYID and
g^xi, g^xr are used to compute the HASH_I, HASH_R.
#2. In IKE phase 1 Authenticated with Signatures, SIG_I and SIG_R
needs to be computed and it is stated that (in Page 9) "SIG_I
or SIG_R, is the result of the negotiated digital signature
algorithm applied to HASH_I or HASH_R". But at the same time,
a CERT is included in the message. Isn't this CERT used to
verify the signature? If yes, then the algorithm used to
verify the signature should be in the CERT (generally CERT
will contain a field about the algorithm). How to explain
this?
I will greatly appreciate your time if you can clarify this!
Thank you!
Hua