[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on draft-ietf-ipsec-ike-01.txt

To: Tero Kivinen <kivinen@ssh.fi>
Subject: Re: Comments on draft-ietf-ipsec-ike-01.txt
From: Hugo Krawczyk <hugo@ee.technion.ac.il>
Date: Fri, 25 Jun 1999 12:49:10 +0300 (IDT)
cc: ipsec list <ipsec@lists.tislabs.com>, "Harkins. Dan" <dharkins@network-alchemy.com>
In-Reply-To: <199906232233.BAA27621@torni.ssh.fi>
Reply-To: Hugo Krawczyk <hugo@ee.technion.ac.il>
Sender: owner-ipsec@lists.tislabs.com

> 
> > A more secure solution is to include both SAi_b and SAr_b in HASH_I
> > and HASH_R.
> 
> That would be one way to fix this problem. Anyways I don't think this
> is serious enough problem to modify IKE 1.0 protocol now. We can fix
> this and other problems later when we start thinking about next
> version of IKE.
> 

I believe that the current typo SAi_b instead of SAr_b inside HASH_R
needs to be corrected now even if other corrections (such as the ones 
suggested by Tero and by myself) will have to wait to a more thorough 
revision (and better done earlier than never).

The above typo may not be fatal but reflects bad in the IKE's spec,
and it is definitely open to PR-attacks (this a new typo of cryptographic
attack that many like these days; PR stands for "public-relations"...)

Hugo

Follow-Ups:

Re: Comments on draft-ietf-ipsec-ike-01.txt

From: Tero Kivinen <kivinen@ssh.fi>

References:

Re: Comments on draft-ietf-ipsec-ike-01.txt

From: Tero Kivinen <kivinen@ssh.fi>

Prev by Date: Re: IPCP implementations (i-data Networks)
Next by Date: RE: Getting the features chart going
Prev by thread: Re: Comments on draft-ietf-ipsec-ike-01.txt
Next by thread: Re: Comments on draft-ietf-ipsec-ike-01.txt
Index(es):
- Main
- Thread