[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Comments on draft-ietf-ipsec-ike-01.txt
Jianying, Doug:
I can see another reason for wanting to include SAr_b in the authenticating
hash calculation. The ISAKMP RFC specifically leaves the definition
of SA's open-ended, saying what must be included, but not limiting what
can be included:
The SA attributes required and recommended for the IP Security (AH,
ESP) are defined in [SEC-ARCH]. The attributes specified for an IP
Security SA include, but are not limited to, authentication
mechanism, cryptographic algorithm, algorithm mode, key length, and
Initialization Vector (IV). Other protocols that provide algorithm
and mechanism independent security MUST define their requirements for
SA attributes. The separation of ISAKMP from a specific SA
definition is important to ensure ISAKMP can establish SAs for all
possible security protocols and applications.
Thus, even if we don't think a possible misunderstanding about
key length is a serious enough threat to warrant authenticating
SAr_b, if we don't include SAr_b in the authenticating
hash calculation there is always the possibility that in the future
the SA may contain some *other* security-relevant information that should
be authenticated in the hash.
Cathy Meadows