
Re: ikev2 questions arising from Radia's presentation




>>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:
    Andrew> I thought this was apparent from the draft. See appendix B:

    Andrew>    The encryption and integrity protection algorithms are the same as
    Andrew>    those available to the ESP protocol, through their application is
    Andrew>    slightly different. Whereas in ESP the header that is integrity
    Andrew>    protected but not encrypted is a total of 8 bytes (SPI+Sequence #)
    Andrew>    plus the IV, in IKE it is the IKE Header which is 28 bytes plus the
    Andrew>    IV (see section 7.1).

  okay, so it is covered. 
  It should probably be covered in the body.
  "The ESP-like AUTH header covers the entire message, including the IKE header"

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
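The coverage difference quoted from appendix B, as an added example that is not part of the original message or the draft: an integrity check value computed over the whole IKE message rejects a change to any header field. The 28-byte field layout and field values follow the later RFC 7296, and HMAC-SHA1-96, the key, the IV and the ciphertext bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96 truncation (assumed algorithm, not named in the message)

def ike_header(spi_i, spi_r, next_payload, exchange_type, flags, msg_id, length):
    # 8 + 8 + 1 + 1 + 1 + 1 + 4 + 4 = 28 bytes; layout assumed from RFC 7296
    return struct.pack("!8s8sBBBBII", spi_i, spi_r, next_payload,
                       0x20, exchange_type, flags, msg_id, length)

def esp_header(spi, seq):
    # SPI + sequence number = 8 bytes, the part ESP authenticates in the clear
    return struct.pack("!II", spi, seq)

def icv(key, header, iv, ciphertext):
    # The integrity check covers cleartext header, IV and encrypted body
    mac = hmac.new(key, header + iv + ciphertext, hashlib.sha1)
    return mac.digest()[:ICV_LEN]

def verify(key, header, iv, ciphertext, tag):
    return hmac.compare_digest(icv(key, header, iv, ciphertext), tag)

def flip(data, offset, mask):
    # Return a copy of data with the given bits flipped at offset
    out = bytearray(data)
    out[offset] ^= mask
    return bytes(out)

# Constructed sample values, not taken from any real exchange
KEY = bytes(range(20))
IV = bytes(16)
CT = bytes([0xAB]) * 32
HDR = ike_header(b"\x01" * 8, b"\x02" * 8, 46, 35, 0x08, 1,
                 28 + len(IV) + len(CT) + ICV_LEN)  # length simplified
TAG = icv(KEY, HDR, IV, CT)

if __name__ == "__main__":
    print("IKE header bytes:", len(HDR), "ESP header bytes:", len(esp_header(1, 1)))
    print("untouched message verifies:", verify(KEY, HDR, IV, CT, TAG))
    print("flags byte altered:", verify(KEY, flip(HDR, 19, 0x20), IV, CT, TAG))
    print("message ID altered:", verify(KEY, flip(HDR, 23, 0x01), IV, CT, TAG))
```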



