
IKEv2 questions arising from Radia's presentation





1) She explained that they are using the entire ESP format.
   (It wasn't clear to me that the auth header was at the end.)

   Radia explained that they would ignore the next header bytes.
   It actually seems to me that it would be better to use this
   value rather than the one from the ISAKMP header.

   (is that a fair name for that initial block from the ISAKMP rfc?)

2) When I initially read the document, I got the impression that
   the ISAKMP header was not protected by anything. I think that
   DHR also believed this.

   After Radia's comments about ESP, I'm wondering if the AUTH
   header would in fact cover the ISAKMP header as well? 

   Hugh Redelmeier had some concerns about this that he had posted.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [


