Re: need for encrypting IKE QM exchange
> There is a question I would like to ask regarding the need to
> encrypt the IKE Quick Mode exchange. I couldn't find throughout
> RFC2408 and RFC2409 a clear explanation as to why SA, Nx, KE need to be
> encrypted (since the messages are authenticated anyway).
> SA, Nx and KE only indicate to a potential attacker the transforms that
> are being used and the SA's lifetime, which imo is harmless.
others may disagree.
also, selector values are exchanged, which may indicate port number /
protocol of the protected traffic, leaking information about the
traffic being carried.
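
The selector leak described in the reply above, as an added example that is not part of the original message: it decodes the IDci/IDcr payloads of a Quick Mode exchange as they would appear if sent in the clear. It assumes the ID payload layout of the IPsec DOI (RFC 2407, section 4.6.2), handles IPv4 ID types only, and uses hypothetical function names and constructed sample bytes.

```python
import ipaddress
import struct

# ID types from the IPsec DOI (RFC 2407, section 4.6.2.1); IPv4 forms only.
ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE = 1, 4, 7
PROTO_NAMES = {0: "any", 6: "tcp", 17: "udp"}

def parse_id_payload(buf):
    """Decode one cleartext ID payload: generic header, then DOI-specific body."""
    if len(buf) < 8:
        raise ValueError("truncated ID payload")
    next_payload, _reserved, length = struct.unpack("!BBH", buf[:4])
    if length < 8 or length > len(buf):
        raise ValueError("bad payload length")
    id_type, proto, port = struct.unpack("!BBH", buf[4:8])
    data = buf[8:length]
    if id_type == ID_IPV4_ADDR and len(data) == 4:
        selector = str(ipaddress.IPv4Address(data))
    elif id_type == ID_IPV4_ADDR_SUBNET and len(data) == 8:
        addr = ipaddress.IPv4Address(data[:4])
        mask = ipaddress.IPv4Address(data[4:])
        selector = str(ipaddress.IPv4Network(f"{addr}/{mask}", strict=False))
    elif id_type == ID_IPV4_ADDR_RANGE and len(data) == 8:
        selector = f"{ipaddress.IPv4Address(data[:4])}-{ipaddress.IPv4Address(data[4:])}"
    else:
        raise ValueError(f"unsupported ID type {id_type} or bad data length")
    return {"next_payload": next_payload, "selector": selector,
            "protocol": PROTO_NAMES.get(proto, str(proto)), "port": port}

def observed_selectors(idci, idcr):
    """Summarise what the two ID payloads disclose about the protected traffic."""
    c, r = parse_id_payload(idci), parse_id_payload(idcr)
    port = r["port"] or "any"  # port 0 means the selector covers every port
    return f"{c['selector']} -> {r['selector']} proto={r['protocol']} port={port}"

# Constructed sample payloads (documentation address ranges, not a real capture).
# IDci: single host 192.0.2.10, TCP, any port; next payload = 5 (another ID).
SAMPLE_IDCI = bytes.fromhex("0500000c" "01060000" "c000020a")
# IDcr: subnet 198.51.100.0/255.255.255.0, TCP port 1433; last payload.
SAMPLE_IDCR = bytes.fromhex("00000010" "04060599" "c6336400" "ffffff00")

if __name__ == "__main__":
    print(observed_selectors(SAMPLE_IDCI, SAMPLE_IDCR))
```

With Quick Mode encrypted under the phase 1 SA, these fields are not visible on the wire.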