
Re: IKE Public Key Encryption



  There is only ambiguity when the responder has more than one public
key. If that's the case then the hash will indicate which one to use and
get rid of the ambiguity. I've done interoperability testing with this 
authentication method before but each time the peer only had one public 
key.

  It's hashed to retain identity protection which is a feature of Main 
Mode.

  Dan.

On Mon, 20 Mar 2000 14:01:20 EST you wrote
> Thankx for answering...
> 
> Is this becoming common practice for most vendors? Although optional,
> are most including it to avoid complexity and ambiguity? I'm certain
> this has come up in the VPNC and interpretability seminars.
> 
> Also, one more question, if it is a certificate, why hash it? I'm
> assuming to reduce the size of the payload, but this comes at a cost
> of processing when the responder is responsible for many certificates.
> I might add that I'm assuming a lot here and just expressing my
> curiosity to the group.
> 
> thankx
> -jim
> 
> Monday, March 20, 2000, 11:25:12 AM, you wrote:
> 
> pwic> I would agree. At least our own experience showed that this makes
> pwic> it much less ambiguous.
> 
> pwic> Pau-Chen
> 
> 
> 
> 

