[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

main mode with signature authentication

To: ipsec@lists.tislabs.com
Subject: main mode with signature authentication
From: 0xLJCDF5BBAABBF0z/0xLJC4CFBEA9B7D6B2BFz/CDMA0xLJCAC2D2B5B2BFz/zte_ltd <0xLJCDF5BBAABBF0z/0xLJC4CFBEA9B7D6B2BFz/CDMA0xLJCAC2D2B5B2BFz/zte_ltd@mail.zte.com.cn>
Date: Fri, 21 Sep 2001 08:47:01 +0800
Sender: owner-ipsec@lists.tislabs.com

hi,
there are there roundtrips in the process of ISAKMP SA establishment using
main mode authenticated with signature,the message is encrypted and
authenticated
  in the last roundtrip,there are two statements:

1.the encryption algorithm is negotiated in payload SA during the first
roundtrip,
   and the key is derivated from SKEYID_e after the second roundtrip.

2.the authentication algorithm(Signature) is designated before current
ISAKMP SA
   negotiation,ie. its designation is irrelevant with current ISAKMP SA
negotiation.

i cannot confirm the statements,any comment is appreciated.

thanks in advance
whh

Prev by Date: Re: How are Initiator's Proposals checked by Responder?
Next by Date: AW: Why can't ESP authenticate IP header?
Prev by thread: Re: How many spd records ?
Next by thread: AW: Why can't ESP authenticate IP header?
Index(es):
- Main
- Thread