[anonsec] details of IKE/IPsec channel binding
Nicolas Williams
Nicolas.Williams at sun.com
Wed Apr 4 12:41:39 PDT 2007
On Tue, Apr 03, 2007 at 03:26:42PM +0200, Julien Laganier wrote:
> You might also want to do something similar to what HIP
> does:
>
> min(pk_i, pk_r) || max(pk_i, pk_r) so that the channel
> bindings between two peers is independent from who
> initiated the IKE exchange.
We've long known we'd have to do something like that because
initiator/responder at the IKE layer can be the opposite of
client/server roles at the ULP or higher layers. (TCP-like protocols
can always figure out which is which and put the two public keys in
client || server order.
More information about the ANONSEC
mailing list