[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: having and eating cake? agressive mode with identity hiding
There is one problem that arises from adopting aggressive mode as the single IKE
variant. Since "g^a mod p" is sent in message 1, we lose the capability to
negotiate the Diffie-Hellman group.
Sheila Frankel
NIST
Quoting Radia Perlman <Radia.Perlman@sun.com>:
> It would be nice to have a single IKE protocol. Perhaps this slightly
> modified aggressive mode/identity hiding/public signature keys would
> be a good choice.
>
> The basic idea is:
>
> message 1:
> Alice--->Bob
> g^a mod p
>
> message 2:
> Bob---->Alice
> g^b mod p, {"Bob", proof I'm Bob} encrypted with g^ab mod p
> ;the proof he's Bob consists of a signature on messages 1 and 2,
> e.g.
>
> message 3:
> Alice---->Bob
> {"Alice", proof I'm Alice}g^ab mod p
References: