
RE: IKE encryption in aggressive mode



In light of the weakness of the phase 1 authentication hash, encrypting the
third message provides at least some assurance that a notify payload (e.g.
initial contact) was not forged.

Andrew
-------------------------------------------
Upon closer inspection, I saw that the line
dividing black from white was in fact a shade
of grey. As I drew nearer still, the grey area
grew larger. And then I was enlightened.


> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Mason, David
> Sent: Monday, October 22, 2001 5:10 AM
> To: 'Marco Ender'; ipsec@lists.tislabs.com
> Subject: RE: IKE encryption in aggressive mode
>
>
> RFC 2409:  The final message MAY NOT be sent under protection
> of the ISAKMP
> SA allowing each party to postpone exponentiation, ...  The graphic
> depictions of Aggressive Mode show the final payload in the
> clear; it need
> not be.
>
> So the third message may or MAY NOT be encrypted.  The
> preferred method is
> not to encrypt since it provides no benefit except perhaps
> for Signatures
> where the certificate identity of the Initiator is protected
> (but if that
> property is desired then Main Mode w/ Identity protection is
> available).
>
> -dave
>
> -----Original Message-----
> From: Marco Ender [mailto:marco.ender@dungeonmaster.at]
> Sent: Saturday, October 20, 2001 10:33 AM
> To: ipsec@lists.tislabs.com
> Subject: IKE encryption in aggressive mode
>
>
> I have a small question regarding the point at which the encryption
> using SKEYID_e starts in aggressive mode. In Main Mode, all parts of
> the packets 4 & 5 are encrypted using the SKEYID_e. Which parts of the
> _second_ packet in Aggressive Mode are encrypted using SKEYID_e with
> each authentication method? Am I correct that again the complete third
> packet is encrypted using SKEYID_e?
>
> tia
>
> Marco
>
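As an added illustration of the exchange discussed in this thread (this is example code written for this page, not code from any of the posters or from any IKE implementation), the following stdlib-only Python walks the three Aggressive Mode messages with pre-shared-key authentication and derives SKEYID, SKEYID_{d,a,e}, HASH_I and HASH_R as RFC 2409 section 5 specifies. It assumes HMAC-SHA1 as the prf, 3DES as the cipher (so the 20-octet SKEYID_e must be expanded to 24 octets per appendix B), and the 1024-bit MODP group from section 6.2; cookies, nonces, exponents, the SA body and the ID bodies are constructed values. The point it makes concrete is the one both Dave and Andrew touch on: the initiator holds SKEYID_e before it builds message 3, so message 3 can be sent under the ISAKMP SA, and HASH_I is computed only over g^xi, g^xr, the cookies, SAi_b and IDii_b, so a notify payload carried in the clear in message 3 is not covered by the phase 1 hash.

```python
"""
Added example, not from the thread: a stdlib-only model of IKEv1 Aggressive
Mode phase 1 key derivation with pre-shared-key authentication, following
RFC 2409 section 5 and appendix B. All cookies, nonces, exponents and
payload bodies below are constructed for the demonstration.
"""
import hashlib
import hmac
import os

# 1024-bit MODP group, generator 2 (RFC 2409 section 6.2, "Second Oakley Group").
P_GROUP2 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
DH_LEN = 128  # octets in a group 2 public value


def prf(key: bytes, data: bytes) -> bytes:
    """RFC 2409 prf: HMAC with the negotiated hash. SHA-1 is assumed here."""
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid_psk(psk: bytes, ni_b: bytes, nr_b: bytes) -> bytes:
    """Section 5.4 (pre-shared keys): SKEYID = prf(pre-shared-key, Ni_b | Nr_b)."""
    return prf(psk, ni_b + nr_b)


def derive_skeyids(skeyid, gxy_b, cky_i, cky_r):
    """Section 5: SKEYID_d, SKEYID_a and SKEYID_e from SKEYID and g^xy."""
    skeyid_d = prf(skeyid, gxy_b + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + gxy_b + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + gxy_b + cky_i + cky_r + b"\x02")
    return skeyid_d, skeyid_a, skeyid_e


def hash_i(skeyid, gxi_b, gxr_b, cky_i, cky_r, sai_b, idii_b):
    """HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)."""
    return prf(skeyid, gxi_b + gxr_b + cky_i + cky_r + sai_b + idii_b)


def hash_r(skeyid, gxi_b, gxr_b, cky_i, cky_r, sai_b, idir_b):
    """HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    return prf(skeyid, gxr_b + gxi_b + cky_r + cky_i + sai_b + idir_b)


def expand_encryption_key(skeyid_e: bytes, needed: int) -> bytes:
    """Appendix B: when SKEYID_e is shorter than the cipher key, K1 = prf(SKEYID_e, 0)
    (a single zero octet), K2 = prf(SKEYID_e, K1), ... and the key is the first
    `needed` octets of K1 | K2 | ...; otherwise SKEYID_e is truncated."""
    if len(skeyid_e) >= needed:
        return skeyid_e[:needed]
    out, prev = b"", b"\x00"
    while len(out) < needed:
        prev = prf(skeyid_e, prev)
        out += prev
    return out[:needed]


def phase1_iv(gxi_b: bytes, gxr_b: bytes, block_size: int) -> bytes:
    """Appendix B: the phase 1 IV is hash(g^xi | g^xr) truncated to the block size."""
    return hashlib.sha1(gxi_b + gxr_b).digest()[:block_size]


def run_aggressive_mode(psk: bytes) -> dict:
    """Walk the three Aggressive Mode messages and return what each side derives."""
    # Message 1: HDR, SA, KE, Ni, IDii  (initiator -> responder, in the clear)
    cky_i, ni_b = os.urandom(8), os.urandom(16)
    xi = int.from_bytes(os.urandom(32), "big")
    gxi_b = pow(G, xi, P_GROUP2).to_bytes(DH_LEN, "big")
    sai_b = b"constructed SA payload body"             # constructed
    idii_b = b"\x03\x00\x00\x00" + b"alice@example"    # constructed ID body

    # Message 2: HDR, SA, KE, Nr, IDir, HASH_R  (responder -> initiator, in the clear)
    cky_r, nr_b = os.urandom(8), os.urandom(16)
    xr = int.from_bytes(os.urandom(32), "big")
    gxr_b = pow(G, xr, P_GROUP2).to_bytes(DH_LEN, "big")
    idir_b = b"\x03\x00\x00\x00" + b"bob@example"      # constructed ID body
    gxy_r = pow(int.from_bytes(gxi_b, "big"), xr, P_GROUP2).to_bytes(DH_LEN, "big")
    skeyid_r = skeyid_psk(psk, ni_b, nr_b)
    msg2_hash_r = hash_r(skeyid_r, gxi_b, gxr_b, cky_i, cky_r, sai_b, idir_b)
    keys_r = derive_skeyids(skeyid_r, gxy_r, cky_i, cky_r)

    # Initiator processes message 2: it now has SKEYID and g^xy, so SKEYID_e
    # exists before message 3 is built; that is what allows message 3 to be
    # sent under the ISAKMP SA.
    gxy_i = pow(int.from_bytes(gxr_b, "big"), xi, P_GROUP2).to_bytes(DH_LEN, "big")
    skeyid_i = skeyid_psk(psk, ni_b, nr_b)
    hash_r_ok = hmac.compare_digest(
        msg2_hash_r, hash_r(skeyid_i, gxi_b, gxr_b, cky_i, cky_r, sai_b, idir_b))
    keys_i = derive_skeyids(skeyid_i, gxy_i, cky_i, cky_r)

    # Message 3: HDR, HASH_I [, N]  (initiator -> responder). Note that a notify
    # payload body is not among the inputs to HASH_I above.
    msg3_hash_i = hash_i(skeyid_i, gxi_b, gxr_b, cky_i, cky_r, sai_b, idii_b)
    hash_i_ok = hmac.compare_digest(
        msg3_hash_i, hash_i(skeyid_r, gxi_b, gxr_b, cky_i, cky_r, sai_b, idii_b))

    return {
        "hash_r_ok": hash_r_ok,
        "hash_i_ok": hash_i_ok,
        "skeyid_e_match": keys_i[2] == keys_r[2],
        "des3_key": expand_encryption_key(keys_i[2], 24),  # 3DES: 24 octets
        "iv": phase1_iv(gxi_b, gxr_b, 8),                  # 3DES: 8-octet block
    }
```

Running `run_aggressive_mode(b"...")` with any shared secret shows both HASH_R and HASH_I verifying and both sides arriving at the same SKEYID_e after message 2, which is the material that would key the encryption of message 3 if the implementation chooses to protect it. The actual CBC encryption step is left out because the Python standard library has no 3DES or AES; the key and IV returned are what that step would consume.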