[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on draft-ietf-ipsec-ike-01.txt



Jianying, Doug:

I can see another reason for wanting to include SAr_b in the authenticating
hash calculation.  The ISAKMP RFC specifically leaves the definition
of SA's open-ended, saying what must be included, but not limiting what
can be included:

 The SA attributes required and recommended for the IP Security (AH,
   ESP) are defined in [SEC-ARCH].  The attributes specified for an IP
   Security SA include, but are not limited to, authentication
   mechanism, cryptographic algorithm, algorithm mode, key length, and
   Initialization Vector (IV).  Other protocols that provide algorithm
   and mechanism independent security MUST define their requirements for
   SA attributes.  The separation of ISAKMP from a specific SA
   definition is important to ensure ISAKMP can establish SAs for all
   possible security protocols and applications.

Thus, even if we don't think a possible misunderstanding about
key length is a serious enough threat to warrant authenticating
SAr_b, if we don't include SAr_b in the authenticating
hash calculation there is always the possibility that in the future
the SA may contain some *other* security-relevant information that should
be authenticated in the hash.

Cathy Meadows