[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I-D ACTION:draft-ietf-ipsec-ike-hash-revised-01.txt

To: ipsec@lists.tislabs.com
Subject: I-D ACTION:draft-ietf-ipsec-ike-hash-revised-01.txt
From: Tero Kivinen <kivinen@ssh.fi>
Date: Thu, 9 Mar 2000 23:01:11 +0200 (EET)
In-Reply-To: <200003091128.GAA24444@ietf.org>
Organization: SSH Communications Security Oy
References: <200003091128.GAA24444@ietf.org>
Sender: owner-ipsec@lists.tislabs.com

Internet-Drafts@ietf.org writes:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the IP Security Protocol Working Group of the IETF.
> 
> 	Title		: Fixing IKE Phase 1 & 2 Authentication HASH
> 	Author(s)	: T. Kivinen
> 	Filename	: draft-ietf-ipsec-ike-hash-revised-01.txt
> 	Pages		: 8
> 	Date		: 08-Mar-00
> 	

Here is a short summary of the changes in the document:

* Added section to describe how phase 2 authentication hashes should
  be changed to fix the unauthenticated isakmp header problem in the
  phase 2 exchnages. 

* Changed the authentication hash to be hash of hashes instead of hash
  of the full packets. This way the memory consumption used to before
  calculating the hash is smaller, and the same per packet hash can
  also used to detect retransmission packets.

* Added more text saying that the template hash/sig payload must
  contain generic payload header, but only the contents of the hash/sig
  field itself is all zeros.
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

References:

I-D ACTION:draft-ietf-ipsec-ike-hash-revised-01.txt

From: Internet-Drafts@ietf.org

Prev by Date: Re: MAC speeds
Next by Date: MAC speeds
Prev by thread: I-D ACTION:draft-ietf-ipsec-ike-hash-revised-01.txt
Next by thread: I-D ACTION:draft-ietf-ipsec-ciph-aes-cbc-00.txt
Index(es):
- Main
- Thread