
Notification payloads IV



antonio.barrera@nokia.com writes:
> 	How is the IV computed for notification messages in IKE Phase I?

It is not computed. You send the error message in clear until you
receive the final Phase I packet and get the last Phase I CBC block to
start your IV calculations. 

> 	However, I'm not really sure how to do it for Phase I when
> encryption is applied (messages 5 and 6) and an error is found.
> Is it explained somewhere? 

No. It is not explained anywhere, and different implementations are
doing it differently. I know there are implementations which send
those notifications encrypted and I don't know which IV they are
using. 
-- 
kivinen@ssh.fi                               Work : +358 303 9870
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
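
The policy described in the reply above, as an added example that is not part of the original message or of any implementation it mentions: a notification goes out in clear until the final Phase I packet has been seen, and after that the IV is calculated from the last Phase I CBC block. The class and method names are hypothetical, the sample bytes are constructed, and the derivation (negotiated hash over the last Phase I CBC block followed by the message ID, truncated to the cipher block size) is assumed from RFC 2409 Appendix B.

```python
import hashlib

# Constructed sample data (not captured traffic): two 8-byte CBC blocks per packet.
MSG5 = bytes.fromhex("00112233445566778899aabbccddeeff")
MSG6 = bytes.fromhex("0123456789abcdeffedcba9876543210")


class Phase1IvState:
    """Tracks what is needed to pick an IV for an IKE notification (hypothetical helper)."""

    def __init__(self, hash_name: str, block_size: int):
        self.hash_name = hash_name    # negotiated hash, e.g. "sha1" or "md5"
        self.block_size = block_size  # cipher block size in bytes (8 for DES/3DES)
        self.last_cbc_block = None    # last ciphertext block seen in Phase I
        self.phase1_done = False      # set once the final Phase I packet is recorded

    def record_encrypted_packet(self, ciphertext: bytes, final: bool = False) -> None:
        """Remember the last CBC block of an encrypted Phase I packet."""
        if not ciphertext or len(ciphertext) % self.block_size:
            raise ValueError("ciphertext must be a whole number of cipher blocks")
        self.last_cbc_block = ciphertext[-self.block_size:]
        self.phase1_done = self.phase1_done or final

    def notification_iv(self, message_id: bytes):
        """Return the IV for an encrypted notification, or None to send it in clear."""
        if len(message_id) != 4:
            raise ValueError("ISAKMP message ID is 4 bytes")
        if not self.phase1_done:
            return None  # error during Phase I: the notification is sent unencrypted
        # Assumed derivation: hash(last Phase I CBC block | message ID), truncated.
        material = self.last_cbc_block + message_id
        return hashlib.new(self.hash_name, material).digest()[:self.block_size]


if __name__ == "__main__":
    state = Phase1IvState("sha1", 8)
    state.record_encrypted_packet(MSG5)
    print("after message 5:", state.notification_iv(bytes.fromhex("a1b2c3d4")))
    state.record_encrypted_packet(MSG6, final=True)
    print("after message 6:", state.notification_iv(bytes.fromhex("a1b2c3d4")).hex())
```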

