
Re: [Hipsec] Re: The exact method used to generate a HIT from a HI

From: Pekka Nikander <pekka.nikander(at)nomadiclab.com>
Date: Tue Mar 18 2003 - 17:50:42 EST

On Fri, Mar 14, 2003 at 02:27:26PM +0200, Pekka Nikander wrote:

>> Now, if I understand this correctly, the RFC2536 public key
>> consists of the OpenSSL fields q, p, g and pub_key.  Thus,
>> we would have something like

Derek Fawcus wrote:
> My understanding was that it had the t field first, so the following

Well, RFC2536 is quite specific in saying that the public key is considered to consist of q, p, g and the public key, *excluding* the length value t.

> Unless of course, we're saying assume a fixed value for t?

I guess it might be good to carry T in the host_id payload. However, in theory you would not need to since you can infer it from the payload length.

Now, if the T is carried in the payload, it is a different question whether to include it in the hash or not. Originally I thought it should not, since RFC2536 does not consider it as a part of the public key. However, the consensus seems to be that the hash should be made over whatever is in the host_id payload. Thus, if T is included in the payload, the hash should include it.

The remaining question seems to be what exactly to place into the host_id payload. Should it just be the RFC2536 DSA key? If so, should it include T or not? Or should it be RFC2535 RDATA?

My personal opinion would be to use the RFC2536 DSA format only. I don't see much reason to use RFC2535 format, especially since it looks like we can't use the KEY RR anyway. (See the messages by Michael and Steve B.) But I am still waiting for some of the proponents of RFC2535 to write up something... :-)

--Pekka Nikander



Hipsec mailing list
Hipsec@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/hipsec

Received on Tue Mar 18 18:51:14 2003
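The two points discussed in the message above, as an added example that is not part of the original post or of any HIP implementation: T can be recovered from the length of Q|P|G|Y (Q is 20 octets; P, G and Y are each 64 + 8T octets), and a hash over the payload changes depending on whether T is carried. The function names are hypothetical, the key bytes are constructed filler, and SHA-1 is an assumption since the message does not name the hash.

```python
import hashlib

Q_LEN = 20  # Q is always 20 octets in the RFC 2536 DSA key format

def field_len(t: int) -> int:
    """Length of each of P, G and Y for a given T (64 + T*8 octets)."""
    if not 0 <= t <= 8:
        raise ValueError("T must be in 0..8")
    return 64 + 8 * t

def infer_t(body_len: int) -> int:
    """Recover T from the length of Q|P|G|Y when T itself is not carried."""
    rest = body_len - Q_LEN
    if rest <= 0 or rest % 3:
        raise ValueError("length is not Q plus three equal fields")
    extra = rest // 3 - 64
    if extra < 0 or extra % 8 or extra // 8 > 8:
        raise ValueError("field length does not match any T in 0..8")
    return extra // 8

def split_key(payload: bytes, has_t: bool) -> dict:
    """Split a payload into T, Q, P, G, Y; a carried T must match the length."""
    body = payload[1:] if has_t else payload
    t = infer_t(len(body))
    if has_t and payload[0] != t:
        raise ValueError("carried T disagrees with payload length")
    n = field_len(t)
    q, p, g, y = (body[:Q_LEN], body[Q_LEN:Q_LEN + n],
                  body[Q_LEN + n:Q_LEN + 2 * n], body[Q_LEN + 2 * n:])
    return {"t": t, "q": q, "p": p, "g": g, "y": y}

def payload_digest(payload: bytes) -> str:
    """Hash exactly the bytes carried in the payload (SHA-1 is an assumption)."""
    return hashlib.sha1(payload).hexdigest()

# Constructed sample: filler bytes, not a real DSA key. T = 8 gives 128-octet fields.
T = 8
BODY = b"\x01" * Q_LEN + b"\x02" * 128 + b"\x03" * 128 + b"\x04" * 128
WITH_T = bytes([T]) + BODY  # same key with T as a leading octet

if __name__ == "__main__":
    print("inferred T:     ", infer_t(len(BODY)))
    print("hash without T: ", payload_digest(BODY))
    print("hash with T:    ", payload_digest(WITH_T))
```

Two peers that disagree on whether T is part of the hashed bytes derive different digests from the same key, so the encoding has to be fixed before the identifier is compared or verified.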

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:58 EDT

