Question about IKEv2 authentication



Hope this is the right group to ask or else please tell me where to ask.

I have a question about the AUTH part of the encrypted request the initiator
sends. The RFC document (4306) states that:
...the initiator signs the first message, starting with the first octet of
the first SPI in the header and ending with the last octet of the last
payload. Appended to this (for purposes of computing the signature) are the
responder's nonce Nr, and the value prf(SK_pi,IDi'). In the above
calculation, IDi' and IDr' are the entire ID payloads excluding the fixed

How does the responder check that this signature is correct?
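The check implied by the quoted text, as an added example that is not part of the original post: the responder rebuilds the same octets from the first message exactly as it received it, the Nr it sent itself, and prf(SK_pi, IDi'), then verifies AUTH over them. To stay within the standard library the sketch goes beyond the signature case and uses RFC 4306's shared-key AUTH, which covers the same octets; with certificates the final step is a signature verification with the initiator's public key instead. Assumptions: HMAC-SHA-256 as the negotiated prf, hypothetical function names, and constructed sample values.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated prf is HMAC-SHA-256.
    return hmac.new(key, data, hashlib.sha256).digest()

def id_prime(id_type: int, id_data: bytes) -> bytes:
    # IDi': ID payload body without the generic payload header,
    # i.e. ID type, three reserved octets, identification data.
    return bytes([id_type, 0, 0, 0]) + id_data

def initiator_signed_octets(msg1: bytes, nr: bytes, sk_pi: bytes, idi: bytes) -> bytes:
    # First message (from the first octet of the initiator SPI to the end
    # of the last payload) | Nr | prf(SK_pi, IDi')
    return msg1 + nr + prf(sk_pi, idi)

def psk_auth(shared_secret: bytes, octets: bytes) -> bytes:
    # RFC 4306 shared-key method:
    # AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <msg octets>)
    return prf(prf(shared_secret, b"Key Pad for IKEv2"), octets)

def responder_verify(auth: bytes, msg1_received: bytes, nr_sent: bytes,
                     sk_pi: bytes, idi: bytes, shared_secret: bytes) -> bool:
    # Every input is the responder's own view: the bytes it received in the
    # first message, the nonce it generated, the SK_pi it derived after the
    # key exchange, and the IDi payload it decrypted from the request.
    octets = initiator_signed_octets(msg1_received, nr_sent, sk_pi, idi)
    return hmac.compare_digest(psk_auth(shared_secret, octets), auth)

# Constructed sample values (not a real capture or real key material).
MSG1 = bytes(range(1, 9)) + bytes(8) + b"constructed IKE_SA_INIT body"
NR = bytes.fromhex("a1" * 16)
SK_PI = bytes.fromhex("5c" * 32)
PSK = b"constructed shared secret"
IDI = id_prime(2, b"initiator.example")  # 2 = ID_FQDN

# Initiator side: compute AUTH over its own copy of the octets.
AUTH = psk_auth(PSK, initiator_signed_octets(MSG1, NR, SK_PI, IDI))

if __name__ == "__main__":
    print("untouched exchange:", responder_verify(AUTH, MSG1, NR, SK_PI, IDI, PSK))
    altered = MSG1[:-1] + b"X"  # one octet of the first message changed in transit
    print("altered first message:", responder_verify(AUTH, altered, NR, SK_PI, IDI, PSK))
```

Because the first message and Nr are part of the covered octets, any change to the unauthenticated initial exchange makes the check fail.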


