[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Quick Mode HASH(3) and optional payloads

To: ipsec@tis.com
Subject: Quick Mode HASH(3) and optional payloads
From: hugh@mimosa.com ("D. Hugh Redelmeier")
Date: Wed, 3 Feb 1999 14:35:38 -0500
Sender: owner-ipsec@ex.tis.com

RFC2409 (IKE) section 5.5 (Phase 2 - Quick Mode) describes HASH(3) in
a way that does not specify that optional payloads should be included.
[The whole wording for hashing of optional payloads and other payload
orders seems to be tacked on in an unfortunate way.]

I think that optional payloads should be fed into the hash function,
after Nr_b.  This would make HASH(3) more like HASH(1) and HASH(2).
It would also provide checking for these optional payloads.

- am I right in thinking that optional payloads are allowed in the
  initiator's second Quick Mode message?

- am I right that the RFC does not specify that the HASH(3) includes
  optional payloads?

- is there a good reason not to include the optional payloads in
  HASH(3)?

- is there a good reason to include the optional payloads in HASH(3)?

Hugh Redelmeier
hugh@mimosa.com  voice: +1 416 482-8253

Follow-Ups:

Quick Mode HASH(3) and optional payloads

From: Tero Kivinen <kivinen@ssh.fi>

Prev by Date: RE: Question about mis-match SA lifetimes
Next by Date: RE: Question about mis-match SA lifetimes
Prev by thread: Question about truncating output length of HMAC computation
Next by thread: Quick Mode HASH(3) and optional payloads
Index(es):
- Main
- Thread