[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC Minutes - IETF28
Russ,
Just to clarify.........
> attribute negotiation. When Jim presented DH, we all noticed that six
> exchanges are needed to complete key establishment; four are used by DH, and
> two are used for attribute negotiation. By the way, the attribute negotiation
> step is encrypted in the key that was generated to ensure that both parties
> generated the same key. This verification provides authentication.
The number of exchanges used in the Hughes implementation is 4. Two are used forthe Diffie-Helman, the remaining two are used for certificate exchange and attribute negotiation.
> IEEE 802.10 is looking at modified DH approaches that only need two exhanges.
> Of course, this requires that the certificates be passed in the clear. We do
> not see this as a problem. If any of you see this as a problem, please
> explain.
Sounds interesting. Can you explain more?
Ward
Follow-Ups: