[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC Security Gateways & NAT
"jshukla" <jshukla@earthlink.net> writes:
> This is the only case that they discuss in their draft and
> I am not sure that even this case works. My concern is
> about the authenticating hash computation.
>
> HASH_I = pfr(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
Um, I don't see anything here that necessarily depends upon the IP
Address of either Initiator or Responder. Perhaps I am being dense,
but could you please point out the specific term to which you refer?
Keep in mind that the ID term is **NOT** necessarily tied to the IP
Address, as you can use many types of ID (such as FQDN) that are
"movable".
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
Follow-Ups:
References: