Hi Tero,
> I was reading the draft-ietf-ipsecme-ikev2-intermediate through and I
> think it might be good thing to add a note at the end of section 3.3.1
> Protection of the IKE_INTERMEDIATE messages to clarify which SK_e[i/r]
> and SK_a[i/r] are to be used for the IKE_AUTH after all
> IKE_INTERMEDIATE exchanges (I assume it is the latest one).
Your assumption is correct.
I can add the following text at the end of 3.3.1:
Once all IKE_INTERMEDIATE exchanges are completed, the most recently
calculated
SK_e[i/r] and SK_a[i/r] keys are used for protection of the
IKE_AUTH and all the
subsequent exchanges.
Are you OK with this?
> Also perhaps we should have appendix showing the full protocol
> exchange example. I.e. something like this:
>
> ----------------------------------------------------------------------
>
> Appendix A. Example of IKE_INTERMEDIATE exchange.
>
> This appendix contains a short example of the messages using
> IKE_INTERMEDIATE. This appendix is purely informative; if it
> disagrees with the body of this document, the other text is
> considered correct.
>
> In this example there is one IKE_SA_INIT exchange, two
> IKE_INTERMEDIATE key exchanges followed by the IKE_AUTH exchange to
> authenticate the exchange. The xxx in the HDR(xxx,MID=yyy)
> indicates the exchange type, and yyy tells the message id used for
> that exchange. The keys used for each SK {} payload is indicated in
> the parenthesis after the SK. Otherwise payload notation is same as
> is used in the RFC7296.
>
>
> Initiator Responder
> -------------------------------------------------------------------
> HDR(IKE_SA_INIT,MID=0),
> SAi1, KEi, Ni,
> N(INTERMEDIATE_EXCHANGE_SUPPORTED) -->
>
> <-- HDR(IKE_SA_INIT,MID=0),
> SAr1, KEr, Nr, [CERTREQ],
> N(INTERMEDIATE_EXCHANGE_SUPPORTED)
>
> <Generate SK_[aip][ir] and store them as SK_[aip][ir]_1, start
> using them for SK {} payloads>
>
> HDR(IKE_INTERMEDIATE,MID=1),
> SK(SK_ei_1,SK_ai_1) { ... } -->
>
> <Calculate IntAuth_1_I = prf(SK_pi_1, ...)>
>
> <-- HDR(IKE_INTERMEDIATE,MID=1),
> SK(SK_er_1,SK_ai_1) { ... }
>
> <Calculate IntAuth_1_R = prf(SK_pr_1, ...)>
>
> <If this IKE_INTERMEDIATE did a new key exchange then update
> SK_[aip][ir] and store them as SK_[aip][ir]_2, start using them for
> SK {} payloads>
>
> HDR(IKE_INTERMEDIATE,MID=2),
> SK(SK_ei_2,SK_ai_2) { ... } -->
>
> <Calculate IntAuth_2_I = prf(SK_pi_2, ...)>
>
> <-- HDR(IKE_INTERMEDIATE,MID=2),
> SK(SK_er_2,SK_ai_2) { ... }
>
> <Calculate IntAuth_2_R = prf(SK_pr_2, ...)>
>
> <If this IKE_INTERMEDIATE did a new key exchange then update
> SK_[aip][ir] and store them as SK_[aip][ir]_3, start using them for
> SK {} payloads>
>
> HDR(IKE_AUTH,MID=3),
> SK(SK_ei_3,SK_ai_3) {IDi,
> [CERT,] [CERTREQ,]
> [IDr,] AUTH, SAi2,
> TSi, TSr} -->
>
> <-- HDR(IKE_AUTH,MID=3),
> SK(SK_er_3,SK_ar_3) {IDr,
> [CERT,] AUTH,
> SAr2, TSi, TSr}
>
> ----------------------------------------------------------------------
>
> I think having such appendix would make things easier to understand.
OK, will add it.
Thank you,
Valery.
> --
> kivi...@iki.fi
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
