
Re: representation of IKE DH shared secret



>=> I think that RFC 2409 should have specified the representation to
>   be used for the DH shared secret.
>
>If it is agreed that this is a problem, what is the appropriate way to
>deal with it?

RFC 2409 will have to be revised at least once as it goes from Proposed
to Draft Standard.  That would be a good time to put clarifying text
in there.  If the long-talked-about clarifications document gets
written, that would be a good place for it too.

For the record, all the interoperable implementations I've seen use
the same representation, which is the same as that mentioned for the
KE payload contents in RFC 2409, section 5 - just the number itself,
big-endian representation, prepended with zeroes to be the same number
of bits as the group description, rounded up to the nearest integral
number of octets.  I think that's been the assumption all along, but
assumptions aren't always codified in text as well as they can be.
But that's what the whole Proposed Standard->Draft Standard->Standard
process is all about, right?

-Shawn Mamros
E-mail to: smamros@nortelnetworks.com
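As an added illustration (not part of the original message), the representation Shawn describes for g^xy, big-endian and zero-padded to the group's modulus size rounded up to whole octets, beside the minimal-length encoding a bignum library produces by default, and the effect on keying material derived from each. The group sizes, the g^xy value and the nonce bytes are constructed, and HMAC-SHA1 is assumed as the PRF purely to make the mismatch visible.

```python
import hashlib
import hmac


def dh_secret_octets(value: int, group_bits: int) -> bytes:
    """Fixed-width encoding: big-endian, zero-padded to the group's modulus
    size in bits, rounded up to a whole number of octets (the RFC 2409
    section 5 wording for KE payload contents, applied here to g^xy)."""
    if value < 0 or value.bit_length() > group_bits:
        raise ValueError("value is not in range for this group size")
    return value.to_bytes((group_bits + 7) // 8, "big")


def minimal_octets(value: int) -> bytes:
    """What a bignum library typically emits by default: the shortest
    big-endian encoding, with no leading zero octets."""
    return value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed PRF over the encoded secret. HMAC-SHA1 is an assumption made
    only so the consequence of a representation mismatch can be shown."""
    return hmac.new(key, data, hashlib.sha1).digest()


def peers_agree(gxy: int, group_bits: int, nonces: bytes) -> bool:
    """Does a peer using the fixed-width encoding derive the same keying
    material as a peer using the minimal encoding of the same g^xy?"""
    fixed = prf(nonces, dh_secret_octets(gxy, group_bits))
    minimal = prf(nonces, minimal_octets(gxy))
    return fixed == minimal


if __name__ == "__main__":
    # Constructed values: a 1024-bit group and a g^xy whose top two octets
    # are zero (for a roughly uniform g^xy, about one exchange in 256 has
    # a zero top octet, so the mismatch shows up only intermittently).
    group_bits = 1024
    gxy = 1 << 1000
    nonces = b"constructed Ni|Nr"
    print(len(dh_secret_octets(gxy, group_bits)), len(minimal_octets(gxy)))  # 128 126
    print(peers_agree(gxy, group_bits, nonces))  # False
    # When the top octet is non-zero the two encodings coincide.
    print(peers_agree((1 << 1023) | 7, group_bits, nonces))  # True
```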