[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AES-based PRF for IKEv2

To: Hugo Krawczyk <hugo@ee.technion.ac.il>, Uri Blumenthal <uri@bell-labs.com>
Subject: Re: AES-based PRF for IKEv2
From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Date: Tue, 25 Mar 2003 15:14:58 -0800
Cc: IPsec WG <ipsec@lists.tislabs.com>
In-Reply-To: <Pine.GSO.4.21.0303250554060.25034-100000@ee.technion.ac.il>
References: <Pine.GSO.4.21.0303250554060.25034-100000@ee.technion.ac.il>
Sender: owner-ipsec@lists.tislabs.com

At 6:36 AM +0200 3/25/03, Hugo Krawczyk wrote:
>Moreover, ikev2 already offers a solution to the problem of how to get a
>prf key out of the DH key g^xy (see page 25 of the draft).
>And ikev2 does not really have a need to deal with too-short keys.
>The only places where this could potentially be an issue is when
>(1) you key the prf with Ni|Nr and (2) when authenticating with a
>pre-shared key.

I'm confused by this statement. Where is the preshared key used in 
the SKEYSEED calculation in IKEv2?

--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:
- Re: AES-based PRF for IKEv2
  - From: Hugo Krawczyk <hugo@ee.technion.ac.il>

References:
- Re: AES-based PRF for IKEv2
  - From: Hugo Krawczyk <hugo@ee.technion.ac.il>

Prev by Date: Re: Secure remote access with IPsec
Next by Date: Re: AES-based PRF for IKEv2
Prev by thread: Re: AES-based PRF for IKEv2
Next by thread: Re: AES-based PRF for IKEv2
Index(es):
- Date
- Thread