[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC Security Gateways & NAT

To: "jshukla" <jshukla@earthlink.net>
Subject: Re: IPSEC Security Gateways & NAT
From: Derek Atkins <warlord@mit.edu>
Date: 09 Jun 2001 15:43:13 -0400
Cc: "Chen, David" <dchen@ellacoya.com>, <ipsec@lists.tislabs.com>
In-Reply-To: "jshukla"'s message of "Sat, 9 Jun 2001 09:23:48 -0700"
References: <85D31AAF3DFCD4119C44000102C009707DD751@mail.ellacoya.com> <sjm8zj2it6v.fsf@rcn.ihtfp.org> <000801c0f100$c02f8e50$1ab02304@ffb5b>
Sender: owner-ipsec@lists.tislabs.com

"jshukla" <jshukla@earthlink.net> writes:

> This is the only case that they discuss in their draft and
> I am not sure that even this case works. My concern is
> about the authenticating hash computation.
> 
> HASH_I = pfr(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)

Um, I don't see anything here that necessarily depends upon the IP
Address of either Initiator or Responder.  Perhaps I am being dense,
but could you please point out the specific term to which you refer?
Keep in mind that the ID term is **NOT** necessarily tied to the IP
Address, as you can use many types of ID (such as FQDN) that are
"movable".

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

Follow-Ups:

Re: IPSEC Security Gateways & NAT

From: "jshukla" <jshukla@earthlink.net>

References:

RE: IPSEC Security Gateways & NAT

From: "Chen, David" <dchen@ellacoya.com>

Re: IPSEC Security Gateways & NAT

From: Derek Atkins <warlord@mit.edu>

Re: IPSEC Security Gateways & NAT

From: "jshukla" <jshukla@earthlink.net>

Prev by Date: digital certificate
Next by Date: Re: IPSEC Security Gateways & NAT
Prev by thread: Re: IPSEC Security Gateways & NAT
Next by thread: Re: IPSEC Security Gateways & NAT
Index(es):
- Main
- Thread