[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Ipsec] IKEv2 questions (for lecture)
Amir Herzberg wrote:
> 1. In section 2.14 Generating Keying Material for the IKE_SA, you
> use SKEYSEED = prf(Ni | Nr, g^ir). But, the key to the prf is
> the _first_ parameter, in this case Ni | Nr, which is of course
> not secret. Is this intentional or a typo (i.e. the intention
> was SKEYSEED = prf(g^ir, Ni | Nr) ?
This is intentional (and was done the same way in IKEv1). Appendix
C.2 in Hugo Krawczyk's SIGMA paper explains why this was done
(http://www.ee.technion.ac.il/~hugo/sigma.ps).
> 2. I didn't find where the (optional) N parameter of CREATE_CHILD_SA
> request is defined, and also, I wonder if there is a good reason for
> using here the letter N as the symbol for this value. (See section
> 1.3).
I agree, this is not perhaps the best possible notation :-)
"N" means a "Notify" payload (but this isn't explained until
section 3.2), and the text in section 1.3 says that the notify
type is REKEY_SA.
> 3. Also in section 1.3: there is a comment there `if the SA offers
> include different Diffie-Hellman groups,...` - doesn't the same
> comment apply for the initial exchange (section 1.2)?
Yes, the comment applies to initial exchange also (and it is
mentioned later, in section 3.3.6).
Best regards,
Pasi
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec