[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comments on ikev2 05 (editorial)
just to point to a small (but possibly confusing) typo:
On Tue, 18 Mar 2003 Charlie_Kaufman@notesdev.ibm.com wrote:
>
>
>
>
> This is also related to prf functions with fixed length keys. I had
> proposed that the AUTH payload be computed as:
>
> AUTH = prf(Shared Secret | "Key Pad for IKEv2", <message bytes>)
>
> which won't work if the prf has a fixed size key. Hugo proposed the
> alternative encoding:
>
> AuthSecret = prf( prf(Shared Secret, "Key Pad for IKEv2") , <message bytes>)
^^^^^^^^^^
this should be AUTH
Also, Charlie, I suggest that you explain in the text that an
implementation only needs to use (or keep in memory) the value
prf(Shared Secret, "Key Pad for IKEv2"), thus avoiding the need to
store the user's password atthe server/gateway.
Hugo
> and using that encoding whether or not the prf takes a fixed
size key
> (presumably with Shared Secret padded or truncated as necessary to match
> the fixed key size).
>
> I'm happy with that. Any objections?
>
> --Charlie
>
> Opinions expressed may not even be mine by the time you read them, and
> certainly don't reflect those of any other entity (legal or otherwise).
>
> > Yes. I now understand.
> > However, this is too much of HMAC-centric thinking.
> > In your above proposal you are assuming an arbitrary key-length prf,
> > which is not the general case as discussed in realtion to the Ni|Nr
> > issue (to which I answered separately).
> >
> > Here, there is a (mathematically) cleaner way to achieve what you want.
> > Assuming that SharedSecret is suitable as key to a prf, then you can
> > define AuthSecret = prf(SharedSecret, "Key Pad for IKEv2")
> > and AUTH = prf(AuthSecret, <message bytes>).
> >
> > Note that in this way you make it clear that it suffices to keep the
> value
> > AuthSecret in memory (rather than Shared Secret) for authentication
> > (thus achieveing the password protection you intended)
>
>
>
>