RE: IPS-All: Reminder - Security draft last call ends Monday, Jul y 1 at 8am EST

To: Black_David@emc.com
Subject: RE: IPS-All: Reminder - Security draft last call ends Monday, Jul y 1 at 8am EST
From: Paul Koning <ni1d@arrl.net>
Date: Fri, 28 Jun 2002 17:26:38 -0400
Cc: cbh@zyfer.com, ips@ece.cmu.edu
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
References: <277DD60FB639D511AC0400B0D068B71E0564BFEC@CORPMX14>
Sender: owner-ips@ece.cmu.edu

Excerpt of message (sent 28 June 2002) by Black_David@emc.com:
> The term "preshared keying" describes situations in which the preconfigured
> keys are used to derive multiple session keys in a fashion that compromise
> of a session key does not imply compromise or serious weakening of the
> preconfigured keys (IKE uses a keyed prf [usually a hash] to obtain this
> property).  Pre-shared keying is REQUIRED (MUST implement).

That's not quite accurate.  "Preshared key" is really a misnomer;
"authentication via shared secret" would be more accurate.  The shared
secret is not used to derive session keys.  Session keys are derived
from a Diffie-Hellman exchange.  The shared secret is used after the
D-H exchange to have each side prove to the other that it holds the
shared secret.

The use of a hash for key derivation occurs in Quick Mode (IKE phase
2) when PRF is not used; it derives the session key from the D-H value
obtained in Phase 1.

       paul

References:
- RE: IPS-All: Reminder - Security draft last call ends Monday, Jul y 1 at 8am EST
  - From: Black_David@emc.com

Prev by Date: RE: iSCSI: StatSN Field in R2T messages.
Next by Date: Re: iSCSI: Command Sequence Number (Single Connection Session)
Prev by thread: RE: IPS-All: Reminder - Security draft last call ends Monday, Jul y 1 at 8am EST
Next by thread: RE: IPS-All: Reminder - Security draft last call ends Monday, Jul y 1 at 8am EST
Index(es):
- Date
- Thread

Home

Last updated: Fri Jun 28 20:18:43 2002
11017 messages in chronological order