At 1:44 PM +0200 11/25/09, Tero Kivinen wrote:
>Yaron Sheffer writes:
>> Tero requested a clarification: I'm proposing to say that the
>> certificate's hash algorithm does not determine the AUTH hash
>> function (which is the negotiated PRF). Implementations may use the
>> certificates received fro
Yaron Sheffer writes:
> Tero requested a clarification: I'm proposing to say that the
> certificate's hash algorithm does not determine the AUTH hash
> function (which is the negotiated PRF). Implementations may use the
> certificates received from a given peer as a hint for selecting a
> mutually-
signatures.
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Yaron
Sheffer
Sent: Friday, October 30, 2009 1:18
To: IPsecme WG
Subject: [IPsec] #116: The AUTH payload signature
The definition of the payload (sec. 3.8) should mention explicitly that the
payload hash al
Yaron Sheffer writes:
> The definition of the payload (sec. 3.8) should mention explicitly
> that the payload hash algorithm is unrelated to the one used in the
> certificate, or the algorithm used to sign the IKE Encrypted
> Payload.
What is the exact wording you are plannig to add there. As in s
The definition of the payload (sec. 3.8) should mention explicitly that the
payload hash algorithm is unrelated to the one used in the certificate, or the
algorithm used to sign the IKE Encrypted Payload.
Moreover, the words "by default" are confusing and should be deleted.