[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE Public Key Encryption

To: ipsec@lists.tislabs.com, jtiller@lucent.com
Subject: Re: IKE Public Key Encryption
From: pau@watson.ibm.com
Date: Mon, 20 Mar 2000 11:25:12 -0500
Sender: owner-ipsec@lists.tislabs.com


> 
> 
> Hello All,
> 
>  I know this has been discussed, and I attempted to find the previous
>  discussion in the list archives - needless to say, I was unsuccessful.
>  --------------------------Question---------------------
>  In the third message of MM with Public key authentication
>  (non-revised shown - but same issue for both):
> 
>        Initiator                        Responder
>       -----------                      -----------
>        HDR, SA                   -->
>                                  <--    HDR, SA
>        HDR, KE, [ HASH(1), ]
>           <IDi1_b>PubKey_r,
>            <Ni_b>PubKey_r        -->
>                                         HDR, KE, <IDr1_b>PubKey_i,
>                                  <--            <Nr_b>PubKey_i
>        HDR*, HASH_I              -->
>                                  <--    HDR*, HASH_R
> 
>   My question is about the use of HASH(1):
>   
>   "Where HASH(1) is the optional hash of the certificate which
>   contained Pubkey_r." <draft-ietf-ipsec-ike-01.txt>
>   
>   Shouldn't the [ HASH(1), ] be required? 

I would agree. At least our own experience showed that this makes
it much less ambiguous.

Pau-Chen

> 
>   ..........
> 
> Best regards,
> Jim
> 
> 
> 
> 
>

Follow-Ups:

Re: IKE Public Key Encryption

From: Henry Spencer <henry@spsystems.net>

Re: IKE Public Key Encryption

From: Jim Tiller <jtiller@lucent.com>

Prev by Date: Re: MAC speeds
Next by Date: Re: IKE Public Key Encryption
Prev by thread: IKE Public Key Encryption
Next by thread: Re: IKE Public Key Encryption
Index(es):
- Main
- Thread