[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
I-D ACTION:draft-ietf-ipsec-ike-hash-revised-01.txt
Internet-Drafts@ietf.org writes:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the IP Security Protocol Working Group of the IETF.
>
> Title : Fixing IKE Phase 1 & 2 Authentication HASH
> Author(s) : T. Kivinen
> Filename : draft-ietf-ipsec-ike-hash-revised-01.txt
> Pages : 8
> Date : 08-Mar-00
>
Here is a short summary of the changes in the document:
* Added section to describe how phase 2 authentication hashes should
be changed to fix the unauthenticated isakmp header problem in the
phase 2 exchnages.
* Changed the authentication hash to be hash of hashes instead of hash
of the full packets. This way the memory consumption used to before
calculating the hash is smaller, and the same per packet hash can
also used to detect retransmission packets.
* Added more text saying that the template hash/sig payload must
contain generic payload header, but only the contents of the hash/sig
field itself is all zeros.
--
kivinen@iki.fi Work : +358-9-4354 3218
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
References: