* Matthew Toseland <[EMAIL PROTECTED]> [2007-09-29 22:05:06]:
> I don't understand message 2. We send g^i in message 1, and then we don't
> send
> it back in message 2, we wait for it to be resent in message 3. Is it
> possible that this is a mistake in the spec PDF? The internet-draft version
> of the spec has it a little differently:
>
> Message 2, R->I: Ni, Nr, g^r, GRPINFOr, IDr,
> SIG{r}(g^r), HMAC{HKr}(Ni, Nr, g^i, g^r)
>
> JFK pdf: http://people.csail.mit.edu/canetti/materials/jfk.pdf
> JFK internet-draft: http://tools.ietf.org/html/draft-ietf-ipsec-jfk-00
>
I've used an other version... of the same draft :
Message 2, R->I: Ni, Nr, g^r, GRPINFOr, IDr,
SIG{r}(g^r, GRPINFOr), HMAC{HKr}(g^r, Nr, Ni, IPi)
> AFAICS it is important that the initiator commit to a specific g^i at the
> beginning, no? And we don't store it, so we have to send it back, and include
> it in the authenticator?
>
The version of the paper I have doesn't do it ... but it sounds like a
good idea to put it in the authenticator.
signature.asc
Description: Digital signature
_______________________________________________ Devl mailing list [email protected] http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
