[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: having and eating cake? agressive mode with identity hiding

To: Radia Perlman <Radia.Perlman@sun.com>
Subject: Re: having and eating cake? agressive mode with identity hiding
From: Sheila Frankel <sheila.frankel@nist.gov>
Date: Tue, 14 Aug 2001 10:59:28 -0400 (EDT)
Cc: ipsec@lists.tislabs.com
In-Reply-To: <200108141213.IAA13485@bcn.East.Sun.COM>
References: <200108141213.IAA13485@bcn.East.Sun.COM>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: IMP/PHP IMAP webmail program 2.2.5

There is one problem that arises from adopting aggressive mode as the single IKE
variant. Since "g^a mod p" is sent in message 1, we lose the capability to
negotiate the Diffie-Hellman group.

Sheila Frankel
NIST

Quoting Radia Perlman <Radia.Perlman@sun.com>:
> It would be nice to have a single IKE protocol. Perhaps this slightly
> modified aggressive mode/identity hiding/public signature keys would
> be a good choice.
> 
> The basic idea is:
> 
> message 1:
> Alice--->Bob
>     g^a mod p
> 
> message 2:
> Bob---->Alice
>     g^b mod p, {"Bob", proof I'm Bob} encrypted with g^ab mod p
>         ;the proof he's Bob consists of a signature on messages 1 and 2,
> e.g.
> 
> message 3:
> Alice---->Bob
>     {"Alice", proof I'm Alice}g^ab mod p

References:

having and eating cake? agressive mode with identity hiding

From: Radia Perlman - Boston Center for Networking <Radia.Perlman@sun.com>

Prev by Date: RE: Simplifying IKE
Next by Date: RE: Simplifying IKE
Prev by thread: having and eating cake? agressive mode with identity hiding
Next by thread: Re: having and eating cake? agressive mode with identity hiding
Index(es):
- Main
- Thread