Re: JFK Algorithm Choice
In message <200203042258.g24MwZN71393@romeo.rtfm.com>, Eric Rescorla writes:
>I just finished reading the new JFK draft at VPNC and I'm still
>unclear on how algorithm choice is supposed to work.
>
>As I understand it, there are actually two different sets of
>algorithms: those used for protecting MSG 3 and MSG 4 (JFK
>algorithms) and those used in the SA being established (SA algorithms).
Correct.
>(1) JFK Algorithm Choice
>I think I understand this one, but I'd like to be sure. The
>responder provides his choice of algorithms in GRPINFOr in
>MSG 2. This includes the digest algorithm, the symmetric
>encryption algorithm and one or more DH groups. The initiator
>can take them or leave them.
Yes.
>(2) SA Algorithm Choice
>My general understanding of how this works (based on S 2.2) is as
>follows:
>
>(1) The initiator offers some set of algorithms in the SA
> payload of MSG 3.
>(2) The responder chooses one and sends it in the SA' payload
> in MSG 4.
>
>Is this more or less correct?
Yes. In MSG 4, the responder may include additional information (e.g., the
SPI for the SA in that direction), as needed.
>Questions:
>(1) What exactly are the contents of the SA payload. Section
>2.1 says:
>
> sa: Defines the cryptographic and other properties of the Security
> Association (SA) the Initiator wants to establish. It contains
> a Domain-of-Interpretation, which JFK understands, and an
> application-specific bitstring.
>
>Is the idea here that this is the Security Association payload
>described in S 4.6.1 of RFC 2407 (possibly profiled down)? If so,
>this appears to be inconsistent with the claim in S 5 that:
>
> the
> acceptable combinations are denoted by 16-bit, unstructured
> integers.
>
>Since this isn't how things are done in 2407, as I understand it.
Correct -- it's not RFC 2407. Basically, the SA payload is a TLV with a 32-bit
DoI (value 0x00000001 allocated for IPsec), followed by a list of 16-bit
algorithm choices, followed by two SPD elements.
>(2) You list algorithms that "must be supported". Does this mean
>that they must be enabled or merely implemented?
It means that a complying JFK implementation should understand these choices.
The IPsec layer itself might not support some of these --- there's nothing
JFK can do about that :-)
>(3) How does the responder indicate that the initiator hasn't
>offered any algorithms that it supports? Is there some way to
>give a hint?
Section 2.5, rejection messages (not discussed at great length).
-Angelos
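The SA payload layout and the MSG 3 / MSG 4 algorithm selection described in the reply above, as an added example; this is not code from the JFK draft or from either author. The message gives only the outline (a TLV with a 32-bit DoI, 0x00000001 for IPsec, a list of unstructured 16-bit algorithm choices, then two SPD elements, with the responder echoing one choice plus its SPI in MSG 4). The TLV header sizes, the algorithm-count field, the framing of the SPD elements, the placement of the SPI, the payload type tag and the algorithm identifier values are all assumptions made for this example.

```python
import struct

# The one concrete value the reply gives: DoI allocated for IPsec.
DOI_IPSEC = 0x00000001

# Hypothetical payload type tag and 16-bit algorithm identifiers (assumed for
# this example; the draft's actual numbers are not on the page).
SA_PAYLOAD_TYPE = 0x01
ALG_3DES_HMAC_SHA1 = 0x0001
ALG_AES128_HMAC_SHA1 = 0x0002
ALG_AES256_HMAC_SHA256 = 0x0003


def encode_sa_payload(algs, spd_elems, doi=DOI_IPSEC, spi=None):
    """Build an SA (MSG 3) or SA' (MSG 4) payload as a TLV.

    Assumed wire layout (only the DoI / choice list / two SPD elements come
    from the reply; the rest is invented framing):
      type:1 | length:2 | doi:4 | nalgs:2 | alg:2 * nalgs
      | (elen:2 | bytes) * 2 SPD elements | [spi:4, responder only]
    """
    if len(spd_elems) != 2:
        raise ValueError("SA payload carries exactly two SPD elements")
    body = struct.pack("!IH", doi, len(algs))
    body += b"".join(struct.pack("!H", a) for a in algs)
    for elem in spd_elems:
        body += struct.pack("!H", len(elem)) + elem
    if spi is not None:
        body += struct.pack("!I", spi)
    return struct.pack("!BH", SA_PAYLOAD_TYPE, len(body)) + body


def decode_sa_payload(data):
    """Parse a payload built by encode_sa_payload, rejecting malformed input."""
    if len(data) < 3:
        raise ValueError("truncated TLV header")
    ptype, length = struct.unpack("!BH", data[:3])
    if ptype != SA_PAYLOAD_TYPE or len(data) != 3 + length:
        raise ValueError("bad payload type or length")
    body = data[3:]
    if len(body) < 6:
        raise ValueError("truncated DoI / count")
    doi, nalgs = struct.unpack("!IH", body[:6])
    off = 6
    if len(body) < off + 2 * nalgs:
        raise ValueError("truncated algorithm list")
    algs = list(struct.unpack("!%dH" % nalgs, body[off:off + 2 * nalgs]))
    off += 2 * nalgs
    spd = []
    for _ in range(2):
        if len(body) < off + 2:
            raise ValueError("truncated SPD element length")
        (elen,) = struct.unpack("!H", body[off:off + 2])
        off += 2
        if len(body) < off + elen:
            raise ValueError("truncated SPD element")
        spd.append(body[off:off + elen])
        off += elen
    rest = body[off:]
    spi = None
    if len(rest) == 4:
        (spi,) = struct.unpack("!I", rest)
    elif rest:
        raise ValueError("trailing bytes after SPD elements")
    return {"doi": doi, "algs": algs, "spd": spd, "spi": spi}


def responder_choose(msg3_sa, supported, spi):
    """Responder side of MSG 4: pick the first offered choice it supports.

    The initiator's list order is taken as its preference order. Returns the
    SA' payload (one choice, the same SPD elements, plus the responder's SPI)
    or None when nothing offered is acceptable, in which case the responder
    would answer with a rejection message rather than an SA' payload.
    """
    offer = decode_sa_payload(msg3_sa)
    if offer["doi"] != DOI_IPSEC:
        return None
    for alg in offer["algs"]:
        if alg in supported:
            return encode_sa_payload([alg], offer["spd"], spi=spi)
    return None


if __name__ == "__main__":
    # Constructed sample exchange: the SPD elements are placeholder bytes.
    msg3 = encode_sa_payload([ALG_AES256_HMAC_SHA256, ALG_AES128_HMAC_SHA1],
                             [b"tunnel", b"10.0.0.0/8"])
    msg4 = responder_choose(msg3, {ALG_AES128_HMAC_SHA1, ALG_3DES_HMAC_SHA1},
                            spi=0xDEADBEEF)
    print("MSG 3 offer:", decode_sa_payload(msg3))
    print("MSG 4 choice:", decode_sa_payload(msg4))
    print("no overlap ->", responder_choose(msg3, {ALG_3DES_HMAC_SHA1}, spi=1))
```

The decoder checks every length before slicing, so a truncated or padded payload raises instead of being silently accepted; a None from responder_choose is the point at which a real responder would emit the Section 2.5 rejection.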