
Re: JFK algorithm choice




In message <200112080117.fB81HN577344@romeo.rtfm.com>, Eric Rescorla writes:
 >
 >I'm not sure I understand how JFK chooses cryptographic algorithms.

Basically, the Responder chooses all algorithms; the only choice the Initiator
is offered is a variety of DH groups.

 >   Any cryptographic
 >   primitive mentioned by the Responder is acceptable; the Initiator
 >   can choose any it wishes.

s/cryptographic primitive/DH group

 >As far as I can tell, the only way to express multiple digest and
 >encryption algorithms (as the second excerpt suggests you can do)
 >is for the Responder to send multiple GRPINFO payloads in Msg2.
 >Is this what you intend?

No (per above).

 >Section 4.2 also says that the SA payload is:
 >
 >   SA tag  Meaning
 >   1       IPsec SA, as described in [RFC2409]
 >   
 >What's not clear to me here is that the SA payload in RFC 2409
 >seems to (when you factor in 2407 and 2408) also include
 >algorithm information. How is the SA payload intended to be used?
 >Have I misread one of the specs?

The SA payload is application-specific (application = IPsec). As such, the JFK
*cryptographic* protocol cannot (or at least, does not) mandate what's sent
therein. Adding that line in Section 4.2 was the expedient way of letting
people know *where* in the protocol IPsec SA information would be included.

Whether we end up using RFC2409 SAs or something different is one of the
questions to be answered by the WG. My personal feeling is that it is basically
a reasonable choice.

Why not for the JFK-options? We believe it's not necessary; furthermore, it
avoids the problem of non-interoperable implementations (I've seen that in the
past, as a practical issue --- Paul Hoffman should share his experiences on the
subject with the WG too).
-Angelos
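
As an added illustration (not code from the JFK draft or from anyone in this thread), a small Python model of the selection rule described above: the Responder's GRPINFO in Msg2 fixes one cipher and one hash and lists the DH groups it accepts, and the Initiator's only decision is which of those groups to use. The algorithm identifiers and group names are constructed sample values, and the restart when the Initiator's Msg1 group is absent from the Responder's list is an assumption of this example, not something the message states.

```python
from dataclasses import dataclass

# Constructed model of JFK algorithm selection: the Responder dictates the
# symmetric cipher and hash; the Initiator only picks a DH group from the
# Responder's list. Names below are sample values, not wire-format constants.

@dataclass(frozen=True)
class GrpInfo:
    cipher: str      # the single cipher chosen by the Responder
    hash_alg: str    # the single hash chosen by the Responder
    groups: tuple    # DH groups the Responder accepts, in its preference order

class NegotiationError(Exception):
    pass

def responder_grpinfo(policy):
    """Build the Responder's GRPINFO for Msg2 from (cipher, hash, groups)."""
    cipher, hash_alg, groups = policy
    if not groups:
        raise NegotiationError("Responder policy offers no DH group")
    return GrpInfo(cipher, hash_alg, tuple(groups))

def initiator_choose_group(grpinfo, msg1_group, supported_groups):
    """Initiator side on receiving Msg2.

    Returns (group, restart): the DH group to use and whether the Initiator
    must resend Msg1 with a fresh g^i in that group. Assumption: a Msg1 group
    the Responder does not list means a restart, never a silent downgrade.
    """
    if not grpinfo.groups:
        raise NegotiationError("Msg2 carries no DH group")
    if msg1_group in grpinfo.groups:
        return msg1_group, False          # Responder accepts our g^i group
    for g in grpinfo.groups:              # walk the Responder's order
        if g in supported_groups:
            return g, True                # restart Msg1 in this group
    raise NegotiationError("no DH group common to both peers")

def initiator_accepts(grpinfo, my_ciphers, my_hashes):
    """The Initiator cannot counter-propose a cipher or hash; it can only
    verify that the Responder's single choices are ones it implements."""
    return grpinfo.cipher in my_ciphers and grpinfo.hash_alg in my_hashes
```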
