Tero requested a clarification: I'm proposing to say that the certificate's hash algorithm does not determine the AUTH hash function (which is the negotiated PRF). Implementations may use the certificates received from a given peer as a hint for selecting a mutually-understood PRF with that peer.
And yes, the last sentence refers to this text:

    To promote interoperability, implementations that support this type SHOULD support signatures that use SHA-1 as the hash function and SHOULD use SHA-1 as the default hash function when generating signatures.

________________________________
From: [email protected] [mailto:[email protected]] On Behalf Of Yaron Sheffer
Sent: Friday, October 30, 2009 1:18
To: IPsecme WG
Subject: [IPsec] #116: The AUTH payload signature

The definition of the payload (sec. 3.8) should mention explicitly that the payload hash algorithm is unrelated to the one used in the certificate, or the algorithm used to sign the IKE Encrypted Payload. Moreover, the words "by default" are confusing and should be deleted.
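The separation ticket #116 asks the text to spell out, shown as an added Python example that is not from this thread or from any IKEv2 implementation: it builds the initiator's signed octets per RFC 4306 section 2.15 (the only place the negotiated PRF enters, via MACedIDForI) and hashes them with the signature hash, SHA-1 by default. The message bytes, nonce, ID payload and SK_pi are constructed sample values, and the certificate signature algorithm and Encrypted Payload integrity algorithm are passed in only to make visible that neither reaches the AUTH digest.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the thread or any capture.
REAL_MESSAGE1 = b"\x00" * 28 + b"<constructed IKE_SA_INIT request>"
NONCE_R = bytes(range(32))
# ID payload body after its 4-byte generic header: ID type (ID_IPV4_ADDR=1),
# three reserved bytes, then the identification data.
REST_OF_INIT_ID_PAYLOAD = bytes([1, 0, 0, 0]) + bytes([192, 0, 2, 1])
SK_PI = b"\x11" * 32

# PRF transforms as negotiated in the SA payload, mapped to hashlib names.
PRF = {"PRF_HMAC_SHA1": "sha1", "PRF_HMAC_SHA2_256": "sha256"}


def maced_id_for_i(prf_name, sk_pi, rest_of_id_payload):
    """MACedIDForI = prf(SK_pi, RestOfInitIDPayload) (RFC 4306, sec. 2.15).
    This is where the negotiated PRF is used."""
    return hmac.new(sk_pi, rest_of_id_payload, PRF[prf_name]).digest()


def initiator_signed_octets(prf_name):
    """InitiatorSignedOctets = RealMessage1 | NonceRData | MACedIDForI."""
    return REAL_MESSAGE1 + NONCE_R + maced_id_for_i(
        prf_name, SK_PI, REST_OF_INIT_ID_PAYLOAD)


def auth_digest(prf_name, cert_sig_alg, encr_payload_integ, sig_hash="sha1"):
    """Digest that the RSA (PKCS#1) signature in the AUTH payload is made over.

    cert_sig_alg is the peer certificate's own signatureAlgorithm (for
    instance 'sha256WithRSAEncryption'); encr_payload_integ is the integrity
    transform protecting the Encrypted Payload. Both are accepted here only
    to make the point explicit: neither is read. The digest depends on the
    negotiated PRF (through MACedIDForI) and on sig_hash, which is SHA-1 by
    default, matching the SHOULD quoted in the thread.
    """
    _unused = (cert_sig_alg, encr_payload_integ)
    return hashlib.new(sig_hash, initiator_signed_octets(prf_name)).digest()


if __name__ == "__main__":
    a = auth_digest("PRF_HMAC_SHA2_256", "sha256WithRSAEncryption",
                    "AUTH_HMAC_SHA2_256_128")
    b = auth_digest("PRF_HMAC_SHA2_256", "sha384WithRSAEncryption",
                    "AUTH_HMAC_SHA1_96")
    print("AUTH digest unchanged by cert/integrity algorithm:", a == b)
```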
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
