
Re: Crypto algorithms for IKEv2



In regards to draft-hoffman-ipsec-algorithms-00-TEMP.txt, I notice that the 
UI ciphersuites make no mention of PFS. Are we assuming that this is an 
implementer decision?

Come to think of it, I don't think we ever resolved the issue of what to do 
when the initiator of a CREATE_CHILD_SA exchange doesn't propose PFS but the 
responder requires it. This could be accomplished with a 
NOTIFY_PFS_REQUIRED_ALWAYS or NOTIFY_PFS_REQUIRED_NEXT_SA message.

Not that we could really change it now, but did anyone consider the idea of 
achieving PFS simply by applying a one-way hash to SKEYSEED_D, either 
periodically or after every CREATE_CHILD_SA exchange? Sure, there are race 
conditions, but I think they are easily fixed.

Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.
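
The hash-forward idea in the message above, as an added example (not code from the message, the draft, or any IKEv2 implementation). HMAC-SHA256 as the prf, SHA-256 as the one-way hash, the RatchetedPeer class and the per-exchange generation number used to surface the race condition are all assumptions made for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the negotiated IKEv2 prf (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    # IKEv2 prf+: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]

class RatchetedPeer:
    """One peer whose child-SA derivation key is hashed forward after each use.

    This protects earlier child keys only: every later key still follows
    from the current one.
    """
    def __init__(self, skeyseed_d: bytes):
        self.key = skeyseed_d
        self.generation = 0  # hypothetical counter carried in each exchange

    def advance_to(self, generation: int) -> None:
        # The ratchet only moves forward; an overwritten key cannot be rebuilt.
        if generation < self.generation:
            raise ValueError("generation already discarded")
        while self.generation < generation:
            self.key = hashlib.sha256(self.key).digest()
            self.generation += 1

    def child_keymat(self, generation: int, ni: bytes, nr: bytes,
                     length: int = 64) -> bytes:
        # KEYMAT = prf+(key, Ni | Nr), as for a CREATE_CHILD_SA without a new DH.
        self.advance_to(generation)
        keymat = prf_plus(self.key, ni + nr, length)
        self.advance_to(generation + 1)  # step past the key just used
        return keymat

if __name__ == "__main__":
    seed = bytes(32)  # constructed sample key, not a real secret
    a, b = RatchetedPeer(seed), RatchetedPeer(seed)
    print(a.child_keymat(0, b"Ni", b"Nr") == b.child_keymat(0, b"Ni", b"Nr"))
```

A request naming a generation that a peer has already hashed past raises an error instead of deriving mismatched keys, which is where two overlapping CREATE_CHILD_SA exchanges would collide.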



