[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IKE Public Key Encryption
>
>
> Hello All,
>
> I know this has been discussed, and I attempted to find the previous
> discussion in the list archives - needless to say, I was unsuccessful.
> --------------------------Question---------------------
> In the third message of MM with Public key authentication
> (non-revised shown - but same issue for both):
>
> Initiator Responder
> ----------- -----------
> HDR, SA -->
> <-- HDR, SA
> HDR, KE, [ HASH(1), ]
> <IDi1_b>PubKey_r,
> <Ni_b>PubKey_r -->
> HDR, KE, <IDr1_b>PubKey_i,
> <-- <Nr_b>PubKey_i
> HDR*, HASH_I -->
> <-- HDR*, HASH_R
>
> My question is about the use of HASH(1):
>
> "Where HASH(1) is the optional hash of the certificate which
> contained Pubkey_r." <draft-ietf-ipsec-ike-01.txt>
>
> Shouldn't the [ HASH(1), ] be required?
I would agree. At least our own experience showed that this makes
it much less ambiguous.
Pau-Chen
>
> ..........
>
> Best regards,
> Jim
>
>
>
>
>
Follow-Ups: