
[Ipsec] IKEv2 questions (for lecture)



I'm updating my IP-Sec lecture, in particular to cover IKEv2. While doing 
so, I read the current (March 22, 2004, ikev2-13.txt) draft. There are a few 
issues where I wasn't sure if I understood correctly, or where there may be 
some typos/errors. All or some of these issues may have been discussed 
before, as I was not able to follow up with IKE recently, so I apologize 
for any such repeating, but would still appreciate a reply, possibly off-list.

1. In section 2.14 Generating Keying Material for the IKE_SA, you use 
SKEYSEED = prf(Ni | Nr, g^ir). But, the key to the prf is the _first_ 
parameter, in this case Ni | Nr, which is of course not secret. Is this 
intentional or a typo (i.e. the intention was SKEYSEED = prf(g^ir, Ni | Nr))?

2. I didn't find where the (optional) N parameter of CREATE_CHILD_SA 
request is defined, and also, I wonder if there is a good reason for using 
here the letter N as the symbol for this value. (See section 1.3).

3. Also in section 1.3: there is a comment there `if the SA offers include 
different Diffie-Hellman groups,...` - doesn't the same comment apply for 
the initial exchange (section 1.2)?

4. Section 2.4: s/It is important when/It is important that when/

I may have a few additional questions later on... still reading. Unless you 
prefer currently to discuss only identified open issues.

BTW: I expect to complete this revision of the IP-Sec lecture in a few days 
(so please DON'T download the current version...).

Best regards,

Amir Herzberg
http://amirherzberg.com (information and lectures in cryptography & security) 


_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
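
The two argument orders from question 1, computed side by side as an added example (not part of the original message or of the draft). Assumptions: prf is instantiated as HMAC-SHA-256, the Diffie-Hellman group is a toy one, and the nonces and private exponents are constructed values.

```python
import hashlib
import hmac

# Toy Diffie-Hellman group, constructed for this example (far too small for real use).
P = 2**127 - 1                      # a Mersenne prime
G = 3
P_LEN = (P.bit_length() + 7) // 8   # modulus length in octets


def prf(key: bytes, data: bytes) -> bytes:
    """prf(K, S): the FIRST argument is the key. HMAC-SHA-256 is an assumption."""
    return hmac.new(key, data, hashlib.sha256).digest()


def dh_public(priv: int) -> int:
    return pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    """g^ir as a big-endian octet string, zero-padded to the modulus length."""
    return pow(peer_pub, priv, P).to_bytes(P_LEN, "big")


def skeyseed_as_written(ni: bytes, nr: bytes, g_ir: bytes) -> bytes:
    """SKEYSEED = prf(Ni | Nr, g^ir): public nonces are the key, g^ir is the data."""
    return prf(ni + nr, g_ir)


def skeyseed_swapped(ni: bytes, nr: bytes, g_ir: bytes) -> bytes:
    """The ordering the message asks about: prf(g^ir, Ni | Nr)."""
    return prf(g_ir, ni + nr)


def demo() -> dict:
    # Constructed sample values, fixed so the run is reproducible.
    i_priv = 0x1234567890ABCDEF1234567890ABCDEF
    r_priv = 0x0FEDCBA987654321FEDCBA9876543210
    ni, nr = bytes(range(16)), bytes(range(16, 32))
    g_ir_i = dh_shared(i_priv, dh_public(r_priv))   # initiator's view of g^ir
    g_ir_r = dh_shared(r_priv, dh_public(i_priv))   # responder's view of g^ir
    return {
        "initiator": skeyseed_as_written(ni, nr, g_ir_i),
        "responder": skeyseed_as_written(ni, nr, g_ir_r),
        "swapped": skeyseed_swapped(ni, nr, g_ir_i),
        # An observer who knows Ni and Nr (the prf key) but guesses g^ir wrongly:
        "nonces_only": skeyseed_as_written(ni, nr, bytes(P_LEN)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12s} {value.hex()}")
```

Both peers arrive at the same SKEYSEED in either ordering; the two orderings give different values, so the argument order is an interoperability question as well as a design one.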