[IPsec] #116: The AUTH payload signature
Yaron Sheffer <yaronf@checkpoint.com> Thu, 29 October 2009 23:17 UTC
Return-Path: <yaronf@checkpoint.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4EA323A697F for <ipsec@core3.amsl.com>; Thu, 29 Oct 2009 16:17:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.686
X-Spam-Level:
X-Spam-Status: No, score=-3.686 tagged_above=-999 required=5 tests=[AWL=-0.088, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M1J8XlQmT2PN for <ipsec@core3.amsl.com>; Thu, 29 Oct 2009 16:17:50 -0700 (PDT)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by core3.amsl.com (Postfix) with ESMTP id 21E4B3A699C for <ipsec@ietf.org>; Thu, 29 Oct 2009 16:17:49 -0700 (PDT)
Received: from il-ex01.ad.checkpoint.com (localhost [127.0.0.1]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id n9TNI5hu020024 for <ipsec@ietf.org>; Fri, 30 Oct 2009 01:18:05 +0200 (IST)
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Fri, 30 Oct 2009 01:18:07 +0200
From: Yaron Sheffer <yaronf@checkpoint.com>
To: IPsecme WG <ipsec@ietf.org>
Date: Fri, 30 Oct 2009 01:18:07 +0200
Thread-Topic: #116: The AUTH payload signature
Thread-Index: AcpY7JIWsaUaiVnDRVWi32jyvGpWeA==
Message-ID: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDA1213EA8@il-ex01.ad.checkpoint.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_7F9A6D26EB51614FBF9F81C0DA4CFEC801BDA1213EA8ilex01adche_"
MIME-Version: 1.0
Subject: [IPsec] #116: The AUTH payload signature
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Oct 2009 23:17:51 -0000
The definition of the payload (sec. 3.8) should mention explicitly that the payload hash algorithm is unrelated to the one used in the certificate, or the algorithm used to sign the IKE Encrypted Payload. Moreover, the words "by default" are confusing and should be deleted.
- [IPsec] #116: The AUTH payload signature Tero Kivinen
- [IPsec] #116: The AUTH payload signature Yaron Sheffer
- Re: [IPsec] #116: The AUTH payload signature Yaron Sheffer
- Re: [IPsec] #116: The AUTH payload signature Tero Kivinen
- Re: [IPsec] #116: The AUTH payload signature Paul Hoffman