[anonsec] details of IKE/IPsec channel binding
Francis Dupont
Francis.Dupont at fdupont.fr
Wed Mar 21 10:05:37 PDT 2007
In your previous mail you wrote:
My thought was to generate another key from SKEYSEED, and do:
HMAC-prf(K, concatenation-of-public-keys);
and send that as well.
This would mean that comparing channel binding blogs is not just a memcpy(),
but now involves getting the key (K), and checking the hash.
Thoughts?
=> what about to use the INTEG (integrity algorithm) in place of
the PRF (pseudo-random function) with the same arguments?
(IMHO this is more appropriate to the intended usage.)
Regards
Francis.Dupont at fdupont.fr
More information about the ANONSEC
mailing list