I-D ACTION:draft-ietf-ipsec-ike-hash-revised-01.txt

Tero Kivinen <kivinen@ssh.fi> Thu, 09 March 2000 22:48 UTC

Date: Thu, 09 Mar 2000 23:01:11 +0200
Message-Id: <200003092101.XAA26384@torni.ssh.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
From: Tero Kivinen <kivinen@ssh.fi>
To: ipsec@lists.tislabs.com
Subject: I-D ACTION:draft-ietf-ipsec-ike-hash-revised-01.txt
In-Reply-To: <200003091128.GAA24444@ietf.org>
References: <200003091128.GAA24444@ietf.org>
Organization: SSH Communications Security Oy
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

Internet-Drafts@ietf.org writes:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the IP Security Protocol Working Group of the IETF.
> 
> 	Title		: Fixing IKE Phase 1 & 2 Authentication HASH
> 	Author(s)	: T. Kivinen
> 	Filename	: draft-ietf-ipsec-ike-hash-revised-01.txt
> 	Pages		: 8
> 	Date		: 08-Mar-00
> 	

Here is a short summary of the changes in the document:

* Added section to describe how phase 2 authentication hashes should
  be changed to fix the unauthenticated isakmp header problem in the
  phase 2 exchnages. 

* Changed the authentication hash to be hash of hashes instead of hash
  of the full packets. This way the memory consumption used to before
  calculating the hash is smaller, and the same per packet hash can
  also used to detect retransmission packets.

* Added more text saying that the template hash/sig payload must
  contain generic payload header, but only the contents of the hash/sig
  field itself is all zeros.
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

I-D ACTION:draft-ietf-ipsec-ike-hash-revised-01.t… Internet-Drafts
I-D ACTION:draft-ietf-ipsec-ike-hash-revised-01.t… Tero Kivinen
IKE interoperability Jianying Zhou