
Re: question on IKE between HA & FA in 3GPP standard...



At 10:29 AM -0500 12/5/02, Suresh Iyer wrote:
>Hi,
>	I am trying to identify the requirements for IKE between Foreign
>Agent & Home Agent.
>In the Annex A to the 3GPP2 Wireless IP network standard, 3GPP2 P.S0001-B,
>it is specified that
>aggressive mode be used with preshared keys and main mode be used with
>Certificate authentication.
>
>It also specifies that "Signature payload" will not be sent by PDSN (FA) and
>HA.
>
>Does this mean that the certificate authentication is to be done with
>"public key encryption" and not "signatures"?
>

I'm not familiar with the 3GPP2 spec you cite above, but in general I 
advise against using the encryption (vs. signature) option in IKE v1. 
Note that in IKE v2 we have cleanly separated the key generation and 
authentication features of the protocol, using public keys from certs 
only for signatures. I also think that in practice IKE v1 
implementations usually opt for the signature (vs. encryption) 
approach to authentication when public keys are employed.

Steve