[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-ietf-ipsec-ike-base-mode-02.txt

To: ipsec@lists.tislabs.com
Subject: draft-ietf-ipsec-ike-base-mode-02.txt
From: Yael Dayan <yael@radguard.com>
Date: Thu, 20 Jan 2000 14:36:40 +0200
Cc: hugo@ee.technion.ac.il
Organization: Radguard
Sender: owner-ipsec@lists.tislabs.com

A new Base Mode draft was published.
The changes regard HASH_I and HASH_R in signature mode.
Hugo Krawczyk pointed out an attack on signature mode in which:
A man in the middle (E) can convince the responder (R) it has exchanged
and authenticated g^xy with the initiator (I), and yet it makes the
initiator think that g^xy was exchanged with E.
Thus it is possible that messages sent by R to I will be credited to E,
even though E does not know g^xy.
Although this requires that I does not know the identity of R prior to
the exchange (which is not typical), the appropriate change has been
made to HASH I. Due to this change, the responder will notice that E has
tried to impersonate him.
Since the initiator and responder ID's  are known at the time of
signing,  we have defined the signatures to include both of them.

Prev by Date: I-D ACTION:draft-ietf-ipsec-ike-base-mode-02.txt
Next by Date: Re: Bruce Schneier on IPsec
Prev by thread: I-D ACTION:draft-ietf-ipsec-ike-base-mode-02.txt
Next by thread: FW: Releasing IP addresses assigned with IKECFG
Index(es):
- Main
- Thread