RE: clarification on IKEv2 with EAP
Ok, I see. I did not remember the EAP messages were already integrity protected and encrypted with Sk_a and Sk_e. Then the AUTH payloads protect the IKE_INIT messages, the ones which were not sent protected since there was not key material yet to do it, correct?
-----Original Message-----
From: Pasi.Eronen@nokia.com [mailto:Pasi.Eronen@nokia.com]
Sent: Thursday, 01 April 2004 13:19
To: David Mariblanca (ML/EEM); ipsec@lists.tislabs.com
Subject: RE: clarification on IKEv2 with EAP
David Mariblanca wrote:
> I will give my interpretation of chapter 16 and please confirm
> if it is correct.
> - The EAP payloads are sent in the IKEv2 messages without
> AUTH payloads. The AUTH payloads are sent only in the last
> two IKEv2 messages, and they correspond to the last two EAP
> messages, that is, AUTH in message 7 to EAP payload in
> message 5, and AUTH in message 8 to EAP payload in message 6
No, AUTH payloads do not authenticate the EAP messages; they
authenticate the IKEv2 SA (basically information from the
first two IKEv2 messages; first paragraph of Section 2.15
explains exactly what is included in the "<message octets>").
(All EAP messages are also MAC'd with SK_ar/SK_ai, but this is
not related to AUTH payloads; the integrity protection is
included in the "SK{...}" notation).
Best regards,
Pasi
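A worked illustration of the point Pasi makes, added here as an example and not part of the thread or of any IKEv2 implementation: it builds InitiatorSignedOctets and the shared-key AUTH value following the Section 2.15 formulas (with the EAP-derived key in place of the pre-shared secret, as Section 2.16 directs) next to the SK{...} integrity checksum, and shows that changing an EAP payload moves only the latter. It assumes HMAC-SHA1 as PRF and integrity algorithm and uses constructed keys and messages throughout.

```python
import hashlib
import hmac

# Assumptions for this example: PRF and integrity algorithm are HMAC-SHA1
# (PRF_HMAC_SHA1 / AUTH_HMAC_SHA1_96); every key and message below is a
# constructed sample value, not captured traffic.
def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()

def maced_id(sk_p: bytes, id_type: int, id_data: bytes) -> bytes:
    # MACedIDForI = prf(SK_pi, RestOfInitIDPayload), where RestOfInitIDPayload
    # is the ID payload without its generic header: IDType | RESERVED | IDData.
    return prf(sk_p, bytes([id_type]) + b"\x00\x00\x00" + id_data)

def initiator_signed_octets(real_message1: bytes, nonce_r_data: bytes,
                            sk_pi: bytes, id_type: int, id_i_data: bytes) -> bytes:
    # Section 2.15: InitiatorSignedOctets = RealMessage1 | NonceRData | MACedIDForI.
    # Only IKE_SA_INIT material and the initiator's ID go in; no EAP payload does.
    return real_message1 + nonce_r_data + maced_id(sk_pi, id_type, id_i_data)

def auth_shared_key(key: bytes, signed_octets: bytes) -> bytes:
    # Shared-key AUTH from Section 2.15. With EAP (Section 2.16) the key that
    # the EAP method derives takes the place of the pre-shared secret.
    return prf(prf(key, b"Key Pad for IKEv2"), signed_octets)

def sk_integrity_checksum(sk_a: bytes, message: bytes) -> bytes:
    # The SK{...} protection Pasi refers to: the integrity checksum that SK_ai/SK_ar
    # apply to each encrypted message (Section 3.14), truncated to 96 bits here.
    return prf(sk_a, message)[:12]

def compare(eap_payload: bytes, real_message1: bytes) -> dict:
    # Derive both values for one constructed exchange so the two scopes can be seen
    # side by side: AUTH depends on message 1, the SK checksum on the EAP message.
    msk = bytes(range(64))                       # stand-in for the EAP-generated key
    sk_pi, sk_ai = b"\x11" * 20, b"\x33" * 20    # constructed SK_pi and SK_ai
    nonce_r = b"\x22" * 16
    octets = initiator_signed_octets(real_message1, nonce_r, sk_pi, 3, b"user@example.com")  # 3 = ID_RFC822_ADDR
    return {
        "auth": auth_shared_key(msk, octets),
        "eap_icv": sk_integrity_checksum(sk_ai, eap_payload),
    }

if __name__ == "__main__":
    base = compare(b"EAP-Request (constructed)", b"IKE_SA_INIT request (constructed)")
    other_eap = compare(b"EAP-Request (modified)", b"IKE_SA_INIT request (constructed)")
    print("EAP change alters AUTH:", base["auth"] != other_eap["auth"])        # False
    print("EAP change alters SK checksum:", base["eap_icv"] != other_eap["eap_icv"])  # True
```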