[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Notification payloads IV
antonio.barrera@nokia.com writes:
> How is the IV computed for notification messages in IKE Phase I?
It is not computed. You send the error message in clear until you
receive the final Phase I packet and get the last Phase I CBC block to
start your IV calculations.
> However, I'm not really sure how to do it for Phase I when
> encryption is applied (messages 5 and 6) and an error is found.
> Is it explained somewhere?
No. It is not explained anywhere, and different implementations are
doing it differently. I know there are implementations which send
those notifications encrypted and I don't know which IV they are
using.
--
kivinen@ssh.fi Work : +358 303 9870
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/
References: