Re: IKE questions.
owner-ipsec@ex.tis.com writes:
> For public key encryption: SKEYID = prf(hash(Ni_b | Nr_b), CKY-I | CKY-R)
...
> Since the only shared key between the two peers at this stage is the
> Diffie-Hellman one
> then how is authentication achieved?
...
> I am sure I am missing something, so please let me know what I've
> overlooked.
The Ni and Nr are encrypted using the public key of the remote host,
thus only the holder of that private key can decrypt them and
calculate that SKEYID hash.
> 2. Cert-I_b is not defined anywhere in the document but is used in the
> variant public key
> Phase 1 exchanges. What is its use in this exchange and why is it
> optional?
It is a normal Cert payload, but encrypted using the symmetric key
derived from the encrypted nonces and cookies.
--
kivinen@iki.fi Work : +358-9-4354 3218
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
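
The point made in the reply above, as an added example that is not part of the original message or of any IKE implementation: the initiator encrypts Ni to the responder's public key, so only the holder of the matching private key recovers Ni and derives the same SKEYID. Assumptions: prf is HMAC-SHA1 and hash is SHA-1 (both are negotiated in practice), the RSA is a constructed textbook toy, and Nr is taken as already decrypted by the initiator with its own private key.

```python
import hashlib
import hmac
import os

# Toy textbook RSA from two Mersenne primes: constructed for this demo only and
# insecure (no padding, special-form primes). It stands in for the real
# public key encryption of the nonce payloads.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # responder's private exponent

def rsa_encrypt(m: bytes) -> int:
    return pow(int.from_bytes(m, "big"), E, N)

def rsa_decrypt(c: int, d: int, length: int) -> bytes:
    # Truncate so that a wrong key yields wrong bytes instead of an overflow.
    return (pow(c, d, N) % 2 ** (8 * length)).to_bytes(length, "big")

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid(ni: bytes, nr: bytes, cky_i: bytes, cky_r: bytes) -> bytes:
    # SKEYID = prf(hash(Ni_b | Nr_b), CKY-I | CKY-R)
    return prf(hashlib.sha1(ni + nr).digest(), cky_i + cky_r)

def responder_skeyid(enc_ni: int, priv_d: int, nr: bytes,
                     cky_i: bytes, cky_r: bytes) -> bytes:
    # The responder chose Nr itself; Ni must be recovered with its private key.
    ni = rsa_decrypt(enc_ni, priv_d, 16)
    return skeyid(ni, nr, cky_i, cky_r)

def demo():
    ni, nr = os.urandom(16), os.urandom(16)        # constructed nonces
    cky_i, cky_r = os.urandom(8), os.urandom(8)    # constructed cookies
    enc_ni = rsa_encrypt(ni)                       # <Ni_b> under responder's key
    initiator = skeyid(ni, nr, cky_i, cky_r)
    genuine = responder_skeyid(enc_ni, D, nr, cky_i, cky_r)
    # Impostor sees enc_ni, picks Nr, knows the cookies, but lacks D.
    impostor = responder_skeyid(enc_ni, D + 2, nr, cky_i, cky_r)
    return initiator, genuine, impostor

if __name__ == "__main__":
    i, g, x = demo()
    print("genuine responder matches:", hmac.compare_digest(i, g))
    print("impostor matches:         ", hmac.compare_digest(i, x))
```
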