RE: ikev2 questions arising from Radia's presentation

["Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>]

> 2) when I initially read the document, I got the impression that
>    the ISAKMP header was not protected by anything. I think that
>    DHR also believed this.
> 
>    After Radia's comments about ESP, I'm wondering if the AUTH
>    header would in fact cover the ISAKMP header as well? 


I thought this was apparent from the draft. See appendix B:

   The encryption and integrity protection algorithms are the same as
   those available to the ESP protocol, through their application is
   slightly different. Whereas in ESP the header that is integrity
   protected but not encrypted is a total of 8 bytes (SPI+Sequence #)
   plus the IV, in IKE it is the IKE Header which is 28 bytes plus the
   IV (see section 7.1).

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.

---

Follow-Ups:

• Re: ikev2 questions arising from Radia's presentation
• From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

References:

• ikev2 questions arising from Radia's presentation
• From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

---

• Prev by Date: Re: Comment regarding Nonce size
• Next by Date: Re: IKEv2 traffic selector subsetting.
• Prev by thread: ikev2 questions arising from Radia's presentation
• Next by thread: Re: ikev2 questions arising from Radia's presentation
• Index(es):
  • Main
  • Thread