JFK algorithm choice
Apologies in advance for focusing on the bits on the wire over
the cryptographic skeleton, but I wanted to get some clarification
on a few fine points of JFK.
I'm not sure I understand how JFK chooses cryptographic algorithms.
S 2.5 says:
    We also eliminate negotiation, in favor of ukases issued by the
    Responder. The Responder is providing a service; it is entitled to
    set its own requirements for that service.
and later:
    Any cryptographic
    primitive mentioned by the Responder is acceptable; the Initiator
    can choose any it wishes.
This information appears to be contained in the GRPINFO TLV transmitted in
Msg2, defined in S 4.2:
    grpInfo is expressed as a string of at least four octets. The first
    octet is the encryption algorithm ID, the second octet is the
    signature algorithm ID, and the third octet is the hash function
    used for session key derivation. Each remaining octet specifies an
    acceptable group number.
As far as I can tell, the only way to express multiple digest and
encryption algorithms (as the second excerpt suggests you can do)
is for the Responder to send multiple GRPINFO payloads in Msg2.
Is this what you intend?
Section 4.2 also says that the SA payload is:
    SA tag   Meaning
    1        IPsec SA, as described in [RFC2409]
What's not clear to me here is that the SA payload in RFC 2409
seems to (when you factor in 2407 and 2408) also include
algorithm information. How is the SA payload intended to be used?
Have I misread one of the specs?
-Ekr
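To make the encoding question concrete, here is a small parser and expander for the grpInfo layout quoted from S 4.2 above. This is an added example, not code from the JFK draft or from the poster: it treats the algorithm and group IDs as opaque integers (the draft's actual ID assignments are not on this page), the sample payloads are constructed, and the names (`parse_grpinfo`, `acceptable_suites`, `initiator_choice`) are my own. It shows why, under this one-encryption, one-signature, one-hash-per-payload layout, a Responder that wants to offer several encryption or digest algorithms has to send several GRPINFO payloads, and how an Initiator would pick from them without any negotiation.

```python
"""
Parser for the JFK grpInfo encoding described in draft section 4.2:
  octet 0     = encryption algorithm ID
  octet 1     = signature algorithm ID
  octet 2     = hash function ID used for session key derivation
  octets 3..  = acceptable group numbers (one per octet)
so a well-formed value is at least four octets long.
IDs are treated as opaque integers; no assignments are assumed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# (enc_alg, sig_alg, hash_alg, group): one concrete choice the Initiator can make
Suite = Tuple[int, int, int, int]


class GrpInfoError(ValueError):
    """Raised for a malformed grpInfo value."""


@dataclass(frozen=True)
class GrpInfo:
    enc_alg: int
    sig_alg: int
    hash_alg: int
    groups: Tuple[int, ...]


def parse_grpinfo(data: bytes) -> GrpInfo:
    """Decode one grpInfo value; reject anything shorter than four octets."""
    if len(data) < 4:
        raise GrpInfoError(f"grpInfo needs at least 4 octets, got {len(data)}")
    # Everything after the three algorithm IDs is a list of group numbers.
    return GrpInfo(data[0], data[1], data[2], tuple(data[3:]))


def is_wellformed(data: bytes) -> bool:
    """Convenience predicate for callers that just want a yes/no answer."""
    try:
        parse_grpinfo(data)
        return True
    except GrpInfoError:
        return False


def encode_grpinfo(info: GrpInfo) -> bytes:
    """Inverse of parse_grpinfo; every field must fit in one octet."""
    if not info.groups:
        raise GrpInfoError("at least one group number is required")
    fields = (info.enc_alg, info.sig_alg, info.hash_alg, *info.groups)
    if any(not 0 <= v <= 0xFF for v in fields):
        raise GrpInfoError("grpInfo fields must be single octets")
    return bytes(fields)


def acceptable_suites(payloads: Iterable[bytes]) -> Set[Suite]:
    """Expand one or more GRPINFO payloads from Msg2 into the set of
    (enc, sig, hash, group) tuples the Responder will accept.
    A single payload can only carry one enc/sig/hash triple, so offering
    a second encryption or hash algorithm requires a second payload."""
    suites: Set[Suite] = set()
    for p in payloads:
        gi = parse_grpinfo(p)
        for g in gi.groups:
            suites.add((gi.enc_alg, gi.sig_alg, gi.hash_alg, g))
    return suites


def initiator_choice(payloads: Iterable[bytes],
                     preferences: List[Suite]) -> Optional[Suite]:
    """The Initiator picks the first suite in its own preference order that
    the Responder listed. There is no counter-offer: if nothing overlaps the
    Initiator has to give up (returns None)."""
    offered = acceptable_suites(payloads)
    for pref in preferences:
        if pref in offered:
            return pref
    return None


if __name__ == "__main__":
    # Constructed sample: two GRPINFO payloads in one Msg2. The first offers
    # enc=1/sig=2/hash=3 with group 14; the second offers enc=4 with the same
    # sig/hash and groups 14 and 5. The ID values are made up.
    msg2_grpinfo = [b"\x01\x02\x03\x0e", b"\x04\x02\x03\x0e\x05"]
    print(sorted(acceptable_suites(msg2_grpinfo)))
    print(initiator_choice(msg2_grpinfo, [(9, 9, 9, 1), (4, 2, 3, 5)]))
    print(is_wellformed(b"\x01\x02\x03"))  # too short: no group number
```

The three-octet case is the edge worth keeping an eye on: a value with the algorithm IDs but no group number parses as nothing usable, so a receiver should reject it outright rather than fall back to a default group.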