Re: [IPsec] Fw: Preshared key authentication in IKEv2

To: "Tero Kivinen" <kivinen at iki.fi>, "Paul Hoffman" <paul.hoffman at vpnc.org>
Subject: Re: [IPsec] Fw: Preshared key authentication in IKEv2
From: "Valery Smyslov" <svanru at gmail.com>
Date: Mon, 2 Nov 2009 17:40:57 +0300
Cc: ipsec at ietf.org
Delivered-to: ipsec at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to:cc :references:subject:date:mime-version:content-type :content-transfer-encoding:x-priority:x-msmail-priority:x-mailer :x-mimeole; bh=tP48V8DYFx+4tWHYDeeq01mIRHx6ga4rvuy+q0Ep9xg=; b=Y99/dg1FMwAm1dzBxUOidtGrT4S366DFxSsZyCa4eqBaoVP6+vmp5Rjdi9cNIBSB60 da+rjxqaMfc26J4csLpe/SlDjvSVTIDBL3jSSLWKmG4NKvb07vcKvmyQW6vTmDrTnFy2 6B2w9NNHb+gx/OW8Cgrj9VDOCWyquraEztD/o=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:cc:references:subject:date:mime-version :content-type:content-transfer-encoding:x-priority:x-msmail-priority :x-mailer:x-mimeole; b=MUixWhA8y31JRivBw7+/LJHKSwD8F2grd2WcMrUzNe8nCSDk3KW4gUchQJUCP2ewNr NsIPf/wFqVAjU5Uf49gSwiUp1u4BSaPbrAiVX+T77++LcqGT5ZfBKzQJK24XyvPiFgLS shwBG1GGU/GDz9EGYBSL0Gea2L7WxjDHqE0ws=
List-archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: Discussion of IPsec protocols <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <82DFB96E88E54DE98E9B6B5F766C3EB8 at trustworks.com><p06240896c710cc6eae34 at [10.20.30.158]> <19182.59664.628328.76563 at fireball.kivinen.iki.fi>

Hi Paul and Tero,

thank you for your answers.

> > The PRF (or set of PRFs) is known by the receiving party. If the two
> > parties always only use one PRF, it is known. The padding is not a
> > universal solution for the reasons you give, but it works in the
> > common case of peers who know each other's crypto choices.
>
> As Paul said recipient knows which algorithms it support, and it can

Sometimes it doesn't. I refer to implementations with pluggable
crypto, when crypto providers are separated from IKE implementation
and can be added/removed later.

> store the pre-shared key using all of those algoritms to its database.
> I.e. if it supports PRF_HMAC_SHA1, and PRF_AES128_XCBC then it needs
> to calculate the PRF(Shared Secret, "Key Pad for IKEv2") using those
> two PRFs and store both of the results to its authentication database.

With this approach in case of pluggable crypto user must re-enter shared
secret
after any change in crypto configuration. It's not a big deal, just a bit
inconvinient...

Regards,
Smyslov Valery.

Follow-Ups:
- Re: [IPsec] Fw: Preshared key authentication in IKEv2
  - From: Tero Kivinen

References:
- [IPsec] Fw: Preshared key authentication in IKEv2
  - From: Valery Smyslov
- Re: [IPsec] Fw: Preshared key authentication in IKEv2
  - From: Paul Hoffman
- Re: [IPsec] Fw: Preshared key authentication in IKEv2
  - From: Tero Kivinen

Prev by Date: Re: [IPsec] RFC4307 & ENCR_NULL & USGv6 profile & Roadmap document
Next by Date: Re: [IPsec] Fw: Preshared key authentication in IKEv2
Previous by thread: Re: [IPsec] Fw: Preshared key authentication in IKEv2
Next by thread: Re: [IPsec] Fw: Preshared key authentication in IKEv2
Index(es):
- Date
- Thread

Re: [IPsec] Fw: Preshared key authentication in IKEv2

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.