
Re: IPSEC Minutes - IETF28



Ran and Steve:

I was not at the IPSEC meeting, so I was reluctant to jump into this
discussion.  However, this topic was also discussed at the IEEE 802.10 meeting,
and I thought that I might be able to add some information.  As most of you
know, IEEE 802.10 is working on a key management standard.  In that context, Jim
Zmuda presented the Diffie-Hellman (DH) approach used in NLSP and TLSP.

Steve gave a very nice summary of the DH properties, so I will not repeat them
here.

In IEEE 802.10, key establishment goes through two phases: key generation and
attribute negotiation.  When Jim presented DH, we all noticed that six
exchanges are needed to complete key establishment; four are used by DH, and
two are used for attribute negotiation.  By the way, the attribute negotiation
step is encrypted in the key that was generated to ensure that both parties
generated the same key.  This verification provides authentication.

IEEE 802.10 is looking at modified DH approaches that only need two exchanges.
Of course, this requires that the certificates be passed in the clear.  We do
not see this as a problem.  If any of you see this as a problem, please
explain.

Russ

