[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: need for encrypting IKE QM exchange

> There is a question I would like to ask regarding the need to
> encrypt the IKE Quick Mode exchange. I couldn't find throughout
> RFC2408 and RFC2409 a clear explanation to why SA, Nx, KE need to be
> encrypted (since the messages are authenticated anyway). 
> SA, Nx and KE only indicate to a potential attacker the transforms that
> are being used and the SA's lifetime, which imo is harmless.

others may disagree.  

also, selector values are exchanged, which may indicate port number /
protocol of the protected traffic, leaking information about the
traffic being carried.

					- Bill