[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ikev2 questions arising from Radia's presentation
>>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:
Andrew> I thought this was apparent from the draft. See appendix B:
Andrew> The encryption and integrity protection algorithms are the same as
Andrew> those available to the ESP protocol, through their application is
Andrew> slightly different. Whereas in ESP the header that is integrity
Andrew> protected but not encrypted is a total of 8 bytes (SPI+Sequence #)
Andrew> plus the IV, in IKE it is the IKE Header which is 28 bytes plus the
Andrew> IV (see section 7.1).
okay, so it is covered.
It should probably be covered in the body.
"The ESP-like AUTH header covers the entire message, including the IKE header"
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
References: