[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IPSEC Security Gateways & NAT (3 issues)
On Wed, 13 Jun 2001, Andrew Krywaniuk wrote:
> The reason the SKEYID derivations differ is because Hugo stated that he did
> not think DH alone was strong enough for key agreement. The last time this
> issue came up, Hugo suggested changing the key derivation to:
>
> SKEYID_e = prf(hash(Ni_b | Nr_b), g^xy | CKY-I | CKY-R | 2)
>
> (although he also stated that he still prefers the exiting definition.)
>
This is NOT the reason that the SKEYID derivations differ.
They differ because in three cases (sig, pke, pre-shared) the
keying material is totally different.
The differences are not driven by any fancy features (or by lack of trust
in DH), they are ESSENTIAL for security.
Hugo
Follow-Ups:
References: