Hi Paul and Tero, thank you for your answers.
> > The PRF (or set of PRFs) is known by the receiving party. If the two
> > parties always only use one PRF, it is known. The padding is not a
> > universal solution for the reasons you give, but it works in the
> > common case of peers who know each other's crypto choices.
>
> As Paul said recipient knows which algorithms it supports, and it can

Sometimes it doesn't. I refer to implementations with pluggable crypto, when crypto providers are separated from IKE implementation and can be added/removed later.

> store the pre-shared key using all of those algorithms to its database.
> I.e. if it supports PRF_HMAC_SHA1, and PRF_AES128_XCBC then it needs
> to calculate the PRF(Shared Secret, "Key Pad for IKEv2") using those
> two PRFs and store both of the results to its authentication database.

With this approach in case of pluggable crypto user must re-enter shared secret after any change in crypto configuration. It's not a big deal, just a bit inconvenient...

Regards,
Smyslov Valery.

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
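An added illustration of the trade-off discussed in this thread (not code from any poster or from an IKE implementation): a responder stores prf(Shared Secret, "Key Pad for IKEv2") once per installed PRF and discards the secret, so a PRF plugin installed later has no stored key until the secret is entered again. The function names and the registry are hypothetical, and PRF_HMAC_SHA2_256 stands in for the later-added plugin so that only the standard library is needed.

```python
import hashlib
import hmac

KEY_PAD = b"Key Pad for IKEv2"  # pad string quoted in the thread

# Hypothetical registry of installed PRF plugins: name -> prf(key, data).
PRFS = {}

def install_hmac_prf(name: str, digest: str) -> None:
    """Simulate a crypto provider being plugged in after deployment."""
    PRFS[name] = lambda key, data: hmac.new(key, data, digest).digest()

install_hmac_prf("PRF_HMAC_SHA1", "sha1")

def enroll(secret: bytes) -> dict:
    """Store the padded key for every PRF installed right now.

    The caller is expected to discard `secret` afterwards; only the
    per-PRF outputs go into the authentication database.
    """
    return {name: prf(secret, KEY_PAD) for name, prf in PRFS.items()}

def auth_value(record: dict, prf_name: str, signed_octets: bytes) -> bytes:
    """AUTH = prf(stored padded key, signed octets) for the negotiated PRF."""
    if prf_name not in record:
        # The case raised in the thread: the plugin arrived after enrollment.
        raise LookupError(f"no stored key for {prf_name}; re-enter the shared secret")
    return PRFS[prf_name](record[prf_name], signed_octets)

def verify(record: dict, prf_name: str, signed_octets: bytes, received: bytes) -> bool:
    """Constant-time comparison of the expected and received AUTH values."""
    return hmac.compare_digest(auth_value(record, prf_name, signed_octets), received)

def peer_auth(secret: bytes, prf_name: str, signed_octets: bytes) -> bytes:
    """What a peer that still holds the raw secret sends as AUTH."""
    prf = PRFS[prf_name]
    return prf(prf(secret, KEY_PAD), signed_octets)

if __name__ == "__main__":
    secret, octets = b"constructed-secret", b"constructed signed octets"
    record = enroll(secret)                      # the secret can be dropped now
    print(verify(record, "PRF_HMAC_SHA1", octets,
                 peer_auth(secret, "PRF_HMAC_SHA1", octets)))
    install_hmac_prf("PRF_HMAC_SHA2_256", "sha256")   # crypto configuration changes
    try:
        auth_value(record, "PRF_HMAC_SHA2_256", octets)
    except LookupError as err:
        print(err)
```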
