Dan Harkins writes:
> I'm not so sure it makes sense to define a new hash algorithm per curve
> though. I would suggest just using the negotiated hash function. That is

We do not negotiate a hash function in IKEv2. We do negotiate a Pseudo-random function (PRF) and an Integrity Algorithm (MAC), but there is no HASH function negotiated.

> going to be used for key derivation and will influence the level of security
> that the exchange affords. That is, if you define SHA-384 to use with
> brainpoolP384r1 but the two sides end up using SHA-1 for key derivation
> then I'm not sure what using SHA-384 for authentication is buying you.

IKEv2 does not use a hash function for key derivation; it uses the PRF for that.
-- 
[email protected]
