On Jul 2, 2009, at 8:18 PM, Paul Hoffman wrote:
> It appears that the errata is either wrong or insufficient. If the
> errata is right, then I'm pretty sure the test vectors in section 8
> are wrong. For example, from 8.1:
> ------------------------------------
<snip>
> ------------------------------------
> That sure looks like the concatenation of x and y, which is why I
> responded as I did earlier.

We need to differentiate between the values transmitted over the wire between IKEv2 peers, and the value they used as a seed to derive keying material.

I think the KE payload examples are correct in 8.1. The peers need both coordinates to compute the derived point. However, they only need to use the x coordinate of this point as the shared secret.

In the context of the example in 8.1, I interpreted the errata as changing the last sentence in the section to:

"girx is the value that is used in the formation of SKEYSEED."

I'm aware of several implementations that comply with this errata, so I think a decision to withdraw it requires careful deliberation. That being said, this issue needs to be clearly resolved so implementations from different vendors can interoperate.

Regards,
Sean

Sean Kevin O'Keeffe
STRATUS Solutions, Inc.