Fixing IKE Phase 1 & 2 Authentication HASH

Document Type Expired Internet-Draft (ipsec WG)
Author Tero Kivinen 
Last updated 2001-11-26
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines new method of calculating the authentication HASH of the IKE [RFC-2409] protocol. It fixes known problems with the IKE. The way the HASH is currently defined in the [RFC-2409] does not authen- ticate the ISAKMP [RFC-2408] packet header, nor does it authenticate any extra ISAKMP payloads inside phase 1 ISAKMP packets. This causes a secu- rity problem when using extra ISAKMP payloads as already defined in the IKE and DOI [RFC-2407] (vendor ID payload, INITIAL-CONTACT notification etc). There is also suggestion how to fix the Phase 2 authentication hashes so that they will also authenticate the ISAKMP packet header.


Tero Kivinen (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)