[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ikev2-07: last nits

To: Hugo Krawczyk <hugo@ee.technion.ac.il>
Subject: Re: ikev2-07: last nits
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Tue, 06 May 2003 17:26:39 +0200
cc: Charlie_Kaufman@notesdev.ibm.com, IPsec WG <ipsec@lists.tislabs.com>
In-reply-to: Your message of Wed, 30 Apr 2003 03:09:31 +0300. <Pine.GSO.4.21.0304300108490.15079-100000@ee.technion.ac.il>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

   (5) Page 29 2.17

   Current text:
   
    For CREATE_CHILD_SA exchanges with PFS the keying material is defined as:
    
         KEYMAT = prf+(SK_d, g^ir (ph2) | Ni | Nr )
   
   Proposed text: erase g^ir (ph2)
   
   Explanation: this is a leftover from 06. You erased g^ir from other places
   where it was unneeded but this one stayed. If I understand correctly, the
   value SK_d used in this derivation is computed in section 2.18 using

=> I am afraid that you are wrong here: section 2.18 is about
CREATE_CHILD_SAs rekeying IKE SAs, section 2.17 is about
CREATE_CHILD_SA in general (i.e., for IKE SAs and IPsec SAs),
and KEYMAT is (this is not written in the draft!) for IPsec SAs only.

   SKEYSEED which, in turn, is already derived from g^ir (new) . 
   Thus re-using g^ir (ph2) (here `ph2' and `new' refer to the same thing) 
   under SK_d is of no help (and spoils the theoretical analysis).
   
=> in fact there are at least two improvements to do:
 - explain again what is a CHILD_SA (the term is introduced in the overview)
 - as a consequence make clearer that KEYMAT is the keying material
   of the being established IPsec SA pair.

Regards

Francis.Dupont@enst-bretagne.fr

Prev by Date: Re: IPSEC in High Availability scenarios
Next by Date: Re: EAP Handling in IKEv2
Prev by thread: Re: ikev2-07: last nits
Next by thread: Re: Question on inbound IPSEC policy check
Index(es):
- Date
- Thread