ipsec January 2011 archive

Re: [IPsec] draft-welter-ipsecme-ikev2-reauth-02

From: Keith Welter <welterk_at_nospam>
Date: Wed Jan 19 2011 - 17:21:07 GMT
To: ipsec@ietf.org

I submitted draft-welter-ipsecme-ikev2-reauth-03 with the rewording shown
below. I'd like to ask the working group to accept this as a work item
but I am unfamiliar with the process. What next?

Thanks,

Keith Welter
IBM z/OS Communications Server Developer
1-415-545-2694 (T/L: 473-2694)

> I noticed a minor problem in section 5:
> "When not using extensible authentication, the peers are authenticated
> by having each sign (or MAC using a padded shared secret as the key,
> as described later in this section) a block of data."
>
> But the padding is not described later in the section.
>
> I will reword the section as follows:
> "5. Authentication Data for Reauthenticating the IKE SA
>
> When not using extensible authentication, the peers are
> authenticated by having each sign (or MAC using a padded shared
> secret as the key) a block of data as described in [IKEv2] Section
> 2.15 except for the following differences:
>
> o For the modified IKE_AUTH request, the octets to be signed
> start with the first octet of the previous Authentication payload
> sent by the initiator and end with the last octet of that payload.
>
> o For the modified IKE_AUTH response, the octets to be signed
> start with the first octet of the previous Authentication payload
> sent by the responder and end with the last octet of that payload."
>
>
> Keith Welter
> IBM z/OS Communications Server Developer
> 1-415-545-2694 (T/L: 473-2694)

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
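
The shared-secret case of the reworded section 5 quoted above, as an added Python example that is not part of the original message or of the draft: the AUTH value is a MAC keyed with the padded shared secret, computed over octets that begin with the sender's previous Authentication payload. Assumptions: the PRF is HMAC-SHA-256, the peer nonce and prf(SK_p, ID') are still appended as in [IKEv2] Section 2.15, and all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY_PAD = b"Key Pad for IKEv2"  # fixed pad string from [IKEv2] Section 2.15

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated PRF is HMAC-SHA-256.
    return hmac.new(key, data, hashlib.sha256).digest()

def build_auth_payload(next_payload: int, method: int, auth_data: bytes) -> bytes:
    # Generic payload header (next payload, flags, length), then Auth Method,
    # three reserved octets and the Authentication Data.
    header = struct.pack("!BBHB3x", next_payload, 0, 8 + len(auth_data), method)
    return header + auth_data

def reauth_signed_octets(prev_auth_payload: bytes, peer_nonce: bytes,
                         sk_p: bytes, id_body: bytes) -> bytes:
    # Reworded section 5: the message octets are replaced by the sender's
    # previous Authentication payload, first octet to last.
    # Assumption: the peer nonce and prf(SK_p, ID') are still appended as in
    # [IKEv2] Section 2.15; the quoted text does not say either way.
    return prev_auth_payload + peer_nonce + prf(sk_p, id_body)

def psk_auth(shared_secret: bytes, octets: bytes) -> bytes:
    # "MAC using a padded shared secret as the key": the MAC key is
    # prf(shared secret, pad string), never the raw secret itself.
    return prf(prf(shared_secret, KEY_PAD), octets)

def verify_psk_auth(shared_secret: bytes, octets: bytes, received: bytes) -> bool:
    # Constant-time comparison of the expected and received AUTH values.
    return hmac.compare_digest(psk_auth(shared_secret, octets), received)

# Constructed sample values (not taken from any real exchange).
PSK = b"constructed-shared-secret"
NONCE_R = bytes(range(32))
SK_PI = b"\x11" * 32
IDI_BODY = b"\x02\x00\x00\x00" + b"initiator.example"  # ID_FQDN body
PREV_AUTH = build_auth_payload(0, 2, b"\xaa" * 32)      # method 2: shared key MIC

if __name__ == "__main__":
    octets = reauth_signed_octets(PREV_AUTH, NONCE_R, SK_PI, IDI_BODY)
    auth = psk_auth(PSK, octets)
    print("reauth AUTH:", auth.hex())
    print("verifies:", verify_psk_auth(PSK, octets, auth))
```

Because the signed octets start with the previous Authentication payload, a verifier that substitutes a different prior payload, or a different shared secret, computes a different AUTH value and rejects the reauthentication.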