OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Review of IKE (section 2.64)


I found two types. One was in the original proposal, the other seems to happen in transcription.

In 2.64.2
in CK_IKE2_PRF_PLUS_DERIVE_PARAMS:
SeedData should be pSeedData
(it's correct in the header file and in the description below and the original proposal).



In section 2.64.6, the follow paragraph is missing from both the original proposal and the spec. (I think it was found after the proposal)

If CKA_VALUE_LEN is less then or equal to the prf length and bHasKeygxy is FALSE, then the new key is simply the base key truncated to CKA_VALUE_LEN (specified in RFC2409 appendix B). Otherwise the prf below is executed and the derived keys value is CKA_VALUE_LEN bytes of the resulting prf.

bob



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]