
some questions about IKE




I am an engineering student working on my degree thesis.
I'm studying security protocols, particularly IPSec and IKE.

I have some doubts about IKE. I'd like to know if the following assertions
about phase 1 authentication are right.

1. When we use a pre-shared key, if I'm able to calculate SKEYD then I'm
really the owner of the pre-shared key. As a consequence, the digest is a
proof of authentication because it depends on SKEYD.

2. When we use a public cryptography scheme, if I'm able to calculate
SKEYD then I'm the owner of the right private key. In fact SKEYD depends
on same values (nonces) that were encrypted with my public key. As a
consequence, the digest is a proof of authentication because it depends on
SKEYD.

3. When we use a "digital signature" scheme, SKEYD is not a securely
secret value, because of a man-in-the-middle-attack. For this reason I
send a digital signature of the digest: this signature is a proof of
authentication and defeats the man-in-the-middle attack.

I apologize for my errors.

thanks in advance,
Marcello De Angelis.
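
The three phase 1 derivations the message asks about, written out as an added example that is not part of the original post. It follows the RFC 2409 formulas, where the key the post calls SKEYD is named SKEYID; HMAC-SHA1 as the prf and every input value are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated prf is HMAC-SHA1.
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_psk(psk, ni_b, nr_b):
    # Pre-shared key: the long-term secret is the prf key.
    return prf(psk, ni_b + nr_b)

def skeyid_pke(ni_b, nr_b, cky_i, cky_r):
    # Public key encryption: nonces travel encrypted to the peer's public key,
    # so a party learns the peer's nonce only by using its own private key.
    return prf(hashlib.sha1(ni_b + nr_b).digest(), cky_i + cky_r)

def skeyid_sig(ni_b, nr_b, g_xy):
    # Signatures: nonces are sent in the clear and g^xy comes from an
    # unauthenticated Diffie-Hellman exchange; no long-term secret is mixed in,
    # which is why HASH_I is signed in this mode.
    return prf(ni_b + nr_b, g_xy)

def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b):
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sai_b + idii_b)

def responder_accepts(received, skeyid, *exchange):
    # The responder recomputes HASH_I and compares in constant time.
    return hmac.compare_digest(received, hash_i(skeyid, *exchange))

def demo():
    # All values below are constructed placeholders, not captured traffic.
    ni_b, nr_b = os.urandom(16), os.urandom(16)
    exchange = (b"\x02" * 96, b"\x03" * 96, os.urandom(8), os.urandom(8),
                b"SAi_b-bytes", b"IDii_b-bytes")
    responder_key = skeyid_psk(b"shared-secret", ni_b, nr_b)
    honest = hash_i(skeyid_psk(b"shared-secret", ni_b, nr_b), *exchange)
    wrong = hash_i(skeyid_psk(b"not-the-secret", ni_b, nr_b), *exchange)
    return (responder_accepts(honest, responder_key, *exchange),
            responder_accepts(wrong, responder_key, *exchange))

if __name__ == "__main__":
    print(demo())
```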