A revised encryption mode for ISAKMP/Oakley

Document Type Expired Internet-Draft (ipsec WG)
Authors Hugo Krawczyk  , Pau-Chen Cheng  , Ran Canetti 
Last updated 1997-08-05 (latest revision 1997-05-05)
Stream Internet Engineering Task Force (IETF)
Expired & archived
plain text pdf htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The ISAKMP/Oakley document [HC97] describes a proposed standard for using the Oakley Key Exchange Protocol in conjunction with ISAKMP to obtain authenticated and secret keying material for use with ISAKMP, and for other security associations such as AH and ESP for the IETF IPsec DOI. The public-key encryption method of carrying out Phase 1 of the key exchange in the ISAKMP/Oakley document provides significant security advantages over the other alternatives and should be the method of choice in many implementations. Unfortunately, as currently described in [HC97] the method requires two public key encryption and decryption operations from both the Initiator and the Responder. The present document describes a small modification to this method. The resulting scheme requires only one public key encryption and decryption operation from each party, while maintaining (and even improving on) the strong security properties of the ISAKMP/Oakley public-key encryption mode. Remark: This document is NOT self-contained, it is intended as an addendum to the authentication methods defined in [HC97]. In particular, it uses notation and definitions of [HC97]. Thus, it is best read in conjunction with [HC97].


Hugo Krawczyk (hugo@ee.technion.ac.il)
Pau-Chen Cheng (pau@watson.ibm.com)
Ran Canetti (canetti@watson.ibm.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)