[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some comments on JFK

To: ekr@rtfm.com
Subject: Re: Some comments on JFK
From: Ran Canetti <canetti@watson.ibm.com>
Date: Tue, 4 Dec 2001 00:39:08 -0500
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com


Eric, thanks for your good comments. Two points:

* Regarding key derivation and expansion. This can be done in a number 
of standard ways.  For instance, the way it is done in IKEv1 is fine.
(To be specific, use HMAC in lieu of the generic PRF.)
Indeed, this should be specified.

* Regarding different keys for encryption by I and R. This is not really
necessary if you're using CBC with random IV, or any "decent" encryption
method. (And, yes, ECB mode is not really "decent" in this context.)

Ran

Prev by Date: Re: compare-jfk-sigma.txt
Next by Date: Re: On shared keys (was RE: SOI: identity protection and DOS)
Prev by thread: Re: Some comments on JFK
Next by thread: Re: Some comments on JFK
Index(es):
- Main
- Thread