[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSEC Security Gateways & NAT (3 issues)





On Wed, 13 Jun 2001, Andrew Krywaniuk wrote:

> The reason the SKEYID derivations differ is because Hugo stated that he did
> not think DH alone was strong enough for key agreement. The last time this
> issue came up, Hugo suggested changing the key derivation to:
> 
> 	SKEYID_e = prf(hash(Ni_b | Nr_b), g^xy | CKY-I | CKY-R | 2)
> 
> (although he also stated that he still prefers the exiting definition.)
> 

This is NOT the reason that the SKEYID derivations differ.
They differ because in three cases (sig, pke, pre-shared) the 
keying material is totally different.
The differences are not driven by any fancy features (or by lack of trust 
in DH), they are ESSENTIAL for security.

Hugo



Follow-Ups: References: