Date: Wed, 25 Jul 2001 11:00:13 +0100 (BST)
From: Ewan Carr <ewancarr@yahoo.com>
To: FreeBSD-Security@FreeBSD.ORG
Subject: IKE/Racoon
Message-ID: <20010725100013.15001.qmail@web13308.mail.yahoo.com>

Can anyone clear up an ambiguity (in my mind anyway) in RFC2409 (IKE)?

Say you are using a pre-shared key for authentication in Phase 1 negotiations. RFC 2409 says that the SKEYID value for authentication is calculated thus..

    For signatures: SKEYID = prf(Ni_b | Nr_b, g^xy)
    .....
    For pre-shared: SKEYID = prf(pre-shared, Ni_b | Nr_b)

where g^xy is the DH-generated shared key and N* are the nonce values.

The value SKEYID_A is then calculated from

    prf(SKEYID,SKEYID_d | g^xy | CKY-I | CKY-R | 1)

(SKEYID_d is just another generated from SKEYID, the cookies and the Diffie-Hellman shared secret)

What I don't understand is why for the pre-shared key method of authentication you need to generate this additional Diffie-Hellman shared key. Does this actually happen or is the 'formula' above just confusing..

Ta,
Ewan
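
The RFC 2409 derivation quoted in the message above, worked through as an added example (not part of the original post and not racoon's code): with pre-shared key authentication g^xy does not enter SKEYID, but it does enter SKEYID_d, SKEYID_a and SKEYID_e. It assumes prf is HMAC-SHA1 and uses constructed nonces, cookies and DH values; `phase1_keys` and `changed_keys` are hypothetical helper names.

```python
import hashlib
import hmac


def prf(key: bytes, msg: bytes) -> bytes:
    # Assumption: no prf was negotiated, so prf is HMAC over the negotiated
    # hash (SHA-1 here), keyed with the first argument.
    return hmac.new(key, msg, hashlib.sha1).digest()


def phase1_keys(psk, ni_b, nr_b, g_xy, cky_i, cky_r):
    """Derive the RFC 2409 Phase 1 keying material for pre-shared key auth."""
    # The pre-shared key and both nonces are the only inputs to SKEYID.
    skeyid = prf(psk, ni_b + nr_b)
    # Every derived key mixes in the Diffie-Hellman shared secret g^xy.
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


def changed_keys(a: dict, b: dict) -> list:
    """Names of the keys whose values differ between two derivations."""
    return [name for name in a if not hmac.compare_digest(a[name], b[name])]


# Constructed sample values (not from a real exchange).
PSK = b"constructed-pre-shared-key"
NI_B = bytes.fromhex("a1" * 16)
NR_B = bytes.fromhex("b2" * 16)
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
G_XY_1 = bytes.fromhex("c3" * 96)   # stand-in for a 768-bit DH shared secret
G_XY_2 = bytes.fromhex("d4" * 96)   # a different DH shared secret

if __name__ == "__main__":
    first = phase1_keys(PSK, NI_B, NR_B, G_XY_1, CKY_I, CKY_R)
    second = phase1_keys(PSK, NI_B, NR_B, G_XY_2, CKY_I, CKY_R)
    for name, value in first.items():
        print(f"{name:9s} {value.hex()}")
    # Same PSK and nonces, different g^xy: only SKEYID stays the same.
    print("changed with g^xy:", changed_keys(first, second))
```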