
RE: IPSEC Security Gateways & NAT (3 issues)



> This is NOT the reason that the SKEYID derivations differ.
> They differ because in three cases (sig, pke, pre-shared) the
> keying material is totally different.
> The differences are not driven by any fancy features (or by lack of trust
> in DH), they are ESSENTIAL for security.

Not having been actively involved in the WG at the time this was decided, I
researched this topic in the archives a couple of years ago. My research
disagreed with your claims that the particular SKEYID derivations are
essential for security, so you'll forgive me if I take them with a grain of
salt.

What I remember was more along the lines of:

"I'm using <auth method X> and I want to include <variable Y> in the
calculation."

"I'm not using X, so do whatever you want."

You'll excuse me for being skeptical of a so-called ESSENTIAL derivation
which appears arbitrary and which is not officially documented anywhere.

Andrew
-------------------------------------------
Upon closer inspection, I saw that the line
dividing black from white was in fact a shade
of grey. As I drew nearer still, the grey area
grew larger. And then I was enlightened.


> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Hugo Krawczyk
> Sent: Wednesday, June 13, 2001 7:17 PM
> To: Andrew Krywaniuk
> Cc: ipsec list
> Subject: RE: IPSEC Security Gateways & NAT (3 issues)
>
>
>
>
> On Wed, 13 Jun 2001, Andrew Krywaniuk wrote:
>
> > The reason the SKEYID derivations differ is because Hugo stated that he did
> > not think DH alone was strong enough for key agreement. The last time this
> > issue came up, Hugo suggested changing the key derivation to:
> >
> > 	SKEYID_e = prf(hash(Ni_b | Nr_b), g^xy | CKY-I | CKY-R | 2)
> >
> > (although he also stated that he still prefers the existing definition.)
> >
>
> This is NOT the reason that the SKEYID derivations differ.
> They differ because in three cases (sig, pke, pre-shared) the
> keying material is totally different.
> The differences are not driven by any fancy features (or by lack of trust
> in DH), they are ESSENTIAL for security.
>
> Hugo
>
>
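
For reference, the three Phase 1 SKEYID derivations under discussion, as defined in RFC 2409 section 5, next to the alternative SKEYID_e form quoted above. This is an added example, not part of either message: HMAC-SHA1 as the prf, the function names and every input value are assumptions constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA1 stands in for the negotiated prf.
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid(method: str, ni_b: bytes, nr_b: bytes, g_xy: bytes,
           cky_i: bytes, cky_r: bytes, psk: bytes = b"") -> bytes:
    """Base SKEYID per RFC 2409 section 5; the inputs depend on the auth method."""
    if method == "sig":   # signatures: keyed by the nonces, over the DH secret
        return prf(ni_b + nr_b, g_xy)
    if method == "pke":   # public key encryption: the nonces were sent encrypted
        return prf(hashlib.sha1(ni_b + nr_b).digest(), cky_i + cky_r)
    if method == "psk":   # pre-shared key: keyed by the shared secret
        return prf(psk, ni_b + nr_b)
    raise ValueError(f"unknown auth method: {method}")

def derive(base: bytes, g_xy: bytes, cky_i: bytes, cky_r: bytes):
    """SKEYID_d, SKEYID_a, SKEYID_e chained from SKEYID (RFC 2409 section 5)."""
    tail = g_xy + cky_i + cky_r
    d = prf(base, tail + b"\x00")
    a = prf(base, d + tail + b"\x01")
    e = prf(base, a + tail + b"\x02")
    return d, a, e

def skeyid_e_alternative(ni_b, nr_b, g_xy, cky_i, cky_r) -> bytes:
    """The alternative SKEYID_e form quoted in the thread."""
    return prf(hashlib.sha1(ni_b + nr_b).digest(), g_xy + cky_i + cky_r + b"\x02")

# Constructed sample values, not taken from any real exchange.
NI_B, NR_B = b"\x11" * 16, b"\x22" * 16
G_XY = b"\x33" * 128
CKY_I, CKY_R = b"\x44" * 8, b"\x55" * 8
PSK = b"constructed-example-psk"

def skeyid_e_by_method() -> dict:
    """SKEYID_e for each auth method over the same nonces, cookies and g^xy."""
    out = {}
    for m in ("sig", "pke", "psk"):
        base = skeyid(m, NI_B, NR_B, G_XY, CKY_I, CKY_R, PSK)
        out[m] = derive(base, G_XY, CKY_I, CKY_R)[2]
    return out

if __name__ == "__main__":
    for m, e in skeyid_e_by_method().items():
        print(f"{m:4s} SKEYID_e = {e.hex()}")
    print("alt  SKEYID_e =", skeyid_e_alternative(NI_B, NR_B, G_XY, CKY_I, CKY_R).hex())
```

In the RFC 2409 forms only the base SKEYID varies by method (the pke one takes no g^xy input, the pre-shared one is the only one keyed by the shared secret); the quoted alternative takes the same inputs whatever the method.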
