[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: representation of IKE DH shared secret

To: jburke@cylink.com (John Burke)
Subject: Re: representation of IKE DH shared secret
From: Dan Harkins <dharkins@network-alchemy.com>
Date: Fri, 23 Apr 1999 10:32:19 -0700
cc: ipsec@lists.tislabs.com
In-reply-to: Your message of "Thu, 22 Apr 1999 18:01:17 PDT." <3.0.32.19990422180116.009dd8e0@cymail.cylink.com>
Sender: owner-ipsec@lists.tislabs.com

  This email was intentionally not sent to the list and I'm not too
happy it was posted without my permission. 

  sigh,

    Dan.

On Thu, 22 Apr 1999 18:01:17 PDT John Burke unethically copied:
> Just for the interest of all contributors:
>
> > At 03:34 PM 4/22/99 -0700, you wrote:
> >On Thu, 22 Apr 1999 13:01:55 PDT you wrote
> >> At 06:53 PM 4/21/99 -0700, somebody wrote:
> >> >On Wed, 21 Apr 1999 01:54:47 EDT you wrote
> >> >> 
> >> >> For a similar case, that of the KE payload, RFC 2409 does specify the
> >> >> more about the representation in section 5:
> >> >> 
> >> >>    The Diffie-Hellman public value passed in a KE payload, in either a
> >> >>    phase 1 or phase 2 exchange, MUST be the length of the negotiated
> >> >>    Diffie-Hellman group enforced, if necessary, by pre-pending the valu
>e
> >> >>    with zeros.
> >>   [ ... ]
> >> >I'm obviously not enough of a pedant so let me try to be one. Webster
> says:
> >> >"encode: to convert (as a body of information) from one system of
> >> >communication into another." So if the KE payload was, say, MIME then we
> >> >would have an encoding. The information is not converted into another
> >> >system. It's not an encoding. It's no contradiction.
> >> > 
> >> [ ... ]
> >> >Is this a problem? We seem to have gotten a score (or so) interoperable
> >> >implementations as its written but maybe that's just because a D-H
> >> >secret hasn't been produced yet that began with 8 bits of zero. But
> >> >somehow I doubt it.
> >> 
> >> I would suggest the attitude showing through in the above does not
> >> contribute to the clearest specs.  As another responder (Tero Kivinen
> >> <kivinen@ssh.fi>) pointed out, some implementors had to go to an
> >> interoperation workshop to discover such things.  The fact that x percent
> >> of twenty people guess right - when not entirely isolated - doesn't make
> >> the spec clear.
> >
> >Nice suggestion John. But it's true. I'm not anal-retentive enough to
> >write "clear". I seriously wonder how some people tie their shoes in the
> >morning and walk across a street.
> >
> >> On the other hand there is this in the conclusion:
> >
> >> >The way to proceed is to write up some suggested text and send it to
> >> >the list. If no one complains I'll add it to the next rev which will be
> >>  [ ... ]
> >
> >What a completely content-free post. A "suggestion", which is no such thing
> >at all, followed by an observation of something that was obvious to all.
> >Way to contribute! 
> >
> >  Dan,
> >
> >
>

References:

Re: Re: representation of IKE DH shared secret

From: jburke@cylink.com (John Burke)

Prev by Date: Re: representation of IKE DH shared secret
Next by Date: Re: Re: representation of IKE DH shared secret
Prev by thread: Re: Re: representation of IKE DH shared secret
Next by thread: Re: Re: representation of IKE DH shared secret
Index(es):
- Main
- Thread