[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The remaining IKEv2 issues

To: Uri Blumenthal <uri@lucent.com>
Subject: Re: The remaining IKEv2 issues
From: Stephen Kent <kent@bbn.com>
Date: Thu, 28 Aug 2003 16:49:29 -0400
Cc: Yoav Nir <ynir@CheckPoint.com>, ipsec@lists.tislabs.com
In-Reply-To: <3F4D21F2.8040308@lucent.com>
References: <11F4181E-D605-11D7-8A52-000A95834BAA@checkpoint.com><3F4CF5C2.7070704@lucent.com> <p05210611bb72adf02555@[128.89.88.34]><3F4D21F2.8040308@lucent.com>
Sender: owner-ipsec@lists.tislabs.com

At 17:26 -0400 8/27/03, Uri Blumenthal wrote:
>On 8/27/2003 2:51 PM, Stephen Kent wrote:
>>>Yes, but what I had in mind is - at the very worst we can mix the
>>>data from the exchange into the key generation mechanism input.
>>>
>>>Would it not make sense?
>>
>>  We have managed to cleanly separate the key generation function from
>>  the authentication function in IKE v2 and I think it would be
>>  preferable to keep them separate.
>
>Well, you can consider SecureID output as one of the nonces,
>or append it to the client's nonce... I see your point - but
>I'm sure you see mine.

I fear you are right, i.e., I don't see your point. But, unless other 
folks want to pursue approach this at this late stage in the IKE 
work, let's not devote more time to debating this.

Steve

References:
- Re: The remaining IKEv2 issues
  - From: Yoav Nir <ynir@CheckPoint.com>
- Re: The remaining IKEv2 issues
  - From: Uri Blumenthal <uri@lucent.com>
- Re: The remaining IKEv2 issues
  - From: Stephen Kent <kent@bbn.com>
- Re: The remaining IKEv2 issues
  - From: Uri Blumenthal <uri@lucent.com>

Prev by Date: Re: The remaining IKEv2 issues
Next by Date: Re: IPsec issue #46 -- No need for nested SAs or SA bundles
Prev by thread: Re: The remaining IKEv2 issues
Next by thread: Re: The remaining IKEv2 issues
Index(es):
- Date
- Thread