[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Shared Secret mismatch in AM3/MM5

To: "Walker, Jesse" <jesse.walker@intel.com>
Subject: RE: Shared Secret mismatch in AM3/MM5
From: Jianying Zhou <jyzhou@krdl.org.sg>
Date: Fri, 29 Oct 1999 09:22:37 +0800 (SGT)
cc: "'Ricky Charlet'" <rcharlet@redcreek.com>, ipsec@lists.tislabs.com, Andrew Krywaniuk <akrywaniuk@TimeStep.com>
In-Reply-To: <392A357CE6FFD111AC3E00A0C99848B002242CCD@hdsmsx31.hd.intel.com>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 28 Oct 1999, Walker, Jesse wrote:

> Rick,
> 
> I don't know what the designers were thinking, but consider
> man-in-the-middle for a minute. In order to defeat it, the IKE
> authentication proof has to demonstrate the peer's knowledge of both the
> shared secret and the negotiated Diffie-Hellman keying material. The design
> of IKE does this quite effectively by binding the two together in a single
> hash. If you remove the binding, then you reenable man-in-the-middle if you
> don't introduce some other means to tie them together.
> 
> -- Jesse
> 

But that kind of definition of SKEYID excludes nodadic users in the main
mode with pre-shared key for authentication.

Jianying

References:

RE: Shared Secret mismatch in AM3/MM5

From: "Walker, Jesse" <jesse.walker@intel.com>

Prev by Date: RE: Shared Secret mismatch in AM3/MM5
Next by Date: Re: Another DoS attack.
Prev by thread: RE: Shared Secret mismatch in AM3/MM5
Next by thread: RE: Shared Secret mismatch in AM3/MM5
Index(es):
- Main
- Thread