Re: [IPsec] Fw: Preshared key authentication in IKEv2

Paul Hoffman <> Fri, 30 October 2009 17:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6E63A3A6A5C for <>; Fri, 30 Oct 2009 10:04:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.742
X-Spam-Status: No, score=-5.742 tagged_above=-999 required=5 tests=[AWL=0.304, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id h67pFJA11Z-Z for <>; Fri, 30 Oct 2009 10:04:42 -0700 (PDT)
Received: from (Balder-227.Proper.COM []) by (Postfix) with ESMTP id A18323A69CA for <>; Fri, 30 Oct 2009 10:04:42 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.14.2/8.14.2) with ESMTP id n9UH4uvK032505 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 30 Oct 2009 10:04:58 -0700 (MST) (envelope-from
Mime-Version: 1.0
Message-Id: <p06240896c710cc6eae34@[]>
In-Reply-To: <>
References: <>
Date: Fri, 30 Oct 2009 10:04:55 -0700
To: "Valery Smyslov" <>, <>
From: Paul Hoffman <>
Content-Type: text/plain; charset="us-ascii"
Subject: Re: [IPsec] Fw: Preshared key authentication in IKEv2
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 30 Oct 2009 17:04:43 -0000

At 9:58 AM +0300 10/30/09, Valery Smyslov wrote:
>Hi all,
>I'd like to reiterate my early message, which I haven't got answer to.
>My concerns are:
>1. How padding pre-sahred key with string "Key Pad for IKEv2"
>    could help to avoid storing pre-shared key in IKE implementation
>    if prf is not known untill IKE_SA_INIT exchange is finished?

The PRF (or set of PRFs) is known by the receiving party. If the two parties always only use one PRF, it is known. The padding is not a universal solution for the reasons you give, but it works in the common case of peers who know each other's crypto choices.

>2. It is a bit unclear whether EAP generated key should also
>    be padded before use in IKE, or used directly.

I'm pretty sure the key is used in its PRF form, not in its "as is" form, but I would want to hear from one or two implementers on that.

--Paul Hoffman, Director
--VPN Consortium