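@comment{
  Internet-Draft, revision 03, marked Work in Progress: cite it as a draft,
  not as a published standard.
  Security point, per the abstract: the IKE (RFC 2409) authentication HASH
  does not cover the ISAKMP packet header or extra phase 1 payloads
  (vendor ID, INITIAL-CONTACT notification), so those are not
  integrity-protected by the HASH.
  Changes from the exported record: author in "Last, First" form; title
  braces limited to the acronyms; line-break hyphenation residue removed
  from the abstract ("authen- ticate", "secu- rity").
}
@techreport{ietf-ipsec-ike-hash-revised-03,
  author      = {Kivinen, Tero},
  title       = {Fixing {IKE} Phase 1 \& 2 Authentication {HASH}},
  type        = {Internet-Draft},
  number      = {draft-ietf-ipsec-ike-hash-revised-03},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2001,
  month       = nov,
  day         = 26,
  pagetotal   = 6,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-ipsec-ike-hash-revised/03/},
  abstract    = {This document defines new method of calculating the
                 authentication HASH of the IKE {[}RFC-2409{]} protocol. It
                 fixes known problems with the IKE. The way the HASH is
                 currently defined in the {[}RFC-2409{]} does not authenticate
                 the ISAKMP {[}RFC-2408{]} packet header, nor does it
                 authenticate any extra ISAKMP payloads inside phase 1 ISAKMP
                 packets. This causes a security problem when using extra
                 ISAKMP payloads as already defined in the IKE and DOI
                 {[}RFC-2407{]} (vendor ID payload, INITIAL-CONTACT
                 notification etc). There is also suggestion how to fix the
                 Phase 2 authentication hashes so that they will also
                 authenticate the ISAKMP packet header.},
}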