[IPsec] RFC5723: Calculating auth value in IKE_AUTH during Session resumption
Justin Lai <laijus@gmail.com> Wed, 29 October 2014 14:55 UTC
To: ipsec@ietf.org
From: Justin Lai <laijus@gmail.com>
Date: Wed, 29 Oct 2014 14:38:40 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/w-Dix6c8wCSg3k6PakEu1NTIk4Y

Hi,

I am having some problems understanding how the AUTH value is calculated during IKE_AUTH when a session is resumed using RFC 5723. Is the AUTH value calculation always going to be AUTH = prf(SK_px, <message octets>) regardless of the auth type used? For example, if the auth method used during login was RSA Digital Signature for both client and gateway auth, then on session resumption, should the AUTH value be computed using the RSA private key as well, or should the AUTH value be computed using prf(SK_px, <message octets>)?

Thanks