On Wed, Jan 08, 2020 at 05:41:59PM +0300, Valery Smyslov wrote:
>
> > Roman Danyliw has entered the following ballot position for
> > draft-ietf-ipsecme-qr-ikev2-10: No Objection
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
[...]
>
> > -- Recommend explaining the notation/relationship between the “prime
> > versions”
> > of the sub-keys (i.e., SK_d’ and SK_pi’ and SK_pr’) in the this SKEYSEED
> > formula with the SKEYSEED formula in Section 2.14 of [RFC72196].
>
> I'm not sure I fully understand what you mean.
> I think we provide formulas of how prime and non-prime versions
> are correlated (i.e. how non-prime versions are computed from prime versions).
> Am I missing something?
I think the idea is something in the general vicinity of "the un-primed
values SK_d, SK_pi, and SK_pr are used as inputs to subsequent steps of the
IKEv2 exchange; this document uses the primed versions to represent the
output of prf+ that are used directly in regular IKEv2, in order to
introduce an additional operation (combination with PPK) between prf+ and
subsequant usage". A reader looking at this document and RFC 7296
side-by-side will see that where RFC 7296 sets {SK_d [...]} = prf+
(SKEYSEED, [...]), this document uses the "primed" versions, and might
wonder what's different between SK_d (RFC 7296) and SK_d' (this document).
-Ben
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
