[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

clarification on IKEv2 with EAP

To: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: clarification on IKEv2 with EAP
From: "David Mariblanca (ML/EEM)" <david.mariblanca@ericsson.com>
Date: Wed, 31 Mar 2004 12:37:10 +0200
Sender: owner-ipsec@lists.tislabs.com


Hi,
I am reading the IKEv2 i-d and I have a question in chapter 2.16, about the usage of EAP methods over IKEv2.
The sequence diagram with the process is the following (copied from the paper):

       Initiator                          Responder
      -----------                        -----------
       HDR, SAi1, KEi, Ni         -->

                                  <--    HDR, SAr1, KEr, Nr, [CERTREQ]

       HDR, SK {IDi, [CERTREQ,] [IDr,]
                SAi2, TSi, TSr}   -->

                                  <--    HDR, SK {IDr, [CERT,] AUTH,
                                                EAP }

       HDR, SK {EAP, AUTH}     -->

                                  <--    HDR, SK {EAP, AUTH,
                                                  SAr2, TSi, TSr }


As written in the paper, the initiator omits the AUTH payload in message 3 when it wants to use EAP. Later on, it is written that when the whole EAP message is finished, the resultant shared secret (if exists) is used to generate the AUTH in messages 5 and 6. My question is: what about AUTH in message 4 ? How is it generated ?

Thanks and best regards,
David.

Follow-Ups:
- Re: clarification on IKEv2 with EAP
  - From: Yoav Nir <ynir@checkpoint.com>

Prev by Date: Re: 2nd try
Next by Date: Re: clarification on IKEv2 with EAP
Previous by thread: Issue 83 will be withdrawn
Next by thread: Re: clarification on IKEv2 with EAP
Index(es):
- Date
- Thread