[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: need for encrypting IKE QM exchange

To: jfl@mobile-ip.de (Floroiu John)
Subject: Re: need for encrypting IKE QM exchange
From: Bill Sommerfeld <sommerfeld@east.sun.com>
Date: Tue, 03 Jun 2003 16:18:59 -0400
cc: ipsec@lists.tislabs.com
In-Reply-To: Your message of "Tue, 03 Jun 2003 11:51:23 +0200." <20030603095123.GD29366@www.mobile-ip.de>
Reply-to: sommerfeld@east.sun.com
Sender: owner-ipsec@lists.tislabs.com

> There is a question I would like to ask regarding the need to
> encrypt the IKE Quick Mode exchange. I couldn't find throughout
> RFC2408 and RFC2409 a clear explanation to why SA, Nx, KE need to be
> encrypted (since the messages are authenticated anyway). 
>
> SA, Nx and KE only indicate to a potential attacker the transforms that
> are being used and the SA's lifetime, which imo is harmless.

others may disagree.  

also, selector values are exchanged, which may indicate port number /
protocol of the protected traffic, leaking information about the
traffic being carried.

					- Bill

Follow-Ups:
- Re: need for encrypting IKE QM exchange
  - From: jfl@mobile-ip.de (Floroiu John)

References:
- need for encrypting IKE QM exchange
  - From: jfl@mobile-ip.de (Floroiu John)

Prev by Date: Working Group Last Call IKEv2
Next by Date: Eliminating "SHOULD-" from draft-ietf-ipsec-algorithms
Prev by thread: need for encrypting IKE QM exchange
Next by thread: Re: need for encrypting IKE QM exchange
Index(es):
- Date
- Thread