[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: [Ipsec] PFS in CHILD SA creation
From: Takashi Sorimachi <yoda20052005 () yahoo ! co ! uk>
Date: 2005-07-22 13:53:59
Message-ID: 20050722135359.69725.qmail () web25709 ! mail ! ukl ! yahoo ! com
[Download RAW message or body]
Hi,
It was suggested in IKEv2
(draft-ietf-ipsec-ikev2-17.txt) that if a CHILD SA is
created as part of the initial exchange, the nonces
from the initial exchange should be used to compute
keys for the CHILD SA (p.9).
The key set for CHILD SA:
KEYMAT = prf(SK_d, Ni | Nr)
SK_d is derived from SKEYSEED (the root secret),
whereas Ni and Nr are the nonces which have been used
already in the initial exchange.
Doesn't this arrangement lead to an imperfect forward
secrecy, given that all the elements of KEYMAT were
derived/used in the initial key exchange?
Thanks.
___________________________________________________________
Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail \
http://uk.messenger.yahoo.com
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic