[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC Minutes - IETF28

To: Russ_Housley.McLean_CSD@xerox.com
Subject: Re: IPSEC Minutes - IETF28
From: ward@mls1.hac.com (Ward Bathrick)
Date: Mon, 22 Nov 93 17:04:34 PST
Cc: ipsec@ans.net

Russ,

Just to clarify.........

> attribute negotiation.  When Jim presented DH, we all noticed that six
> exchanges are needed to complete key establishment; four are used by DH, and
> two are used for attribute negotiation.  By the way, the attribute negotiation
> step is encrypted in the key that was generated to ensure that both parties
> generated the same key.  This verification provides authentication.


The number of exchanges used in the Hughes implementation is 4. Two are used forthe Diffie-Helman, the remaining two are used for certificate exchange and attribute negotiation.


> IEEE 802.10 is looking at modified DH approaches that only need two exhanges.
> Of course, this requires that the certificates  be passed in the clear.  We do
> not see this as a problem.  If any of you see this as a problem, please
> explain.


Sounds interesting. Can you explain more?


Ward

Follow-Ups:

Re: IPSEC Minutes - IETF28

From: Russ_Housley.McLean_CSD@xerox.com

Prev by Date: Re: IPSEC Minutes - IETF28
Next by Date: Re: IPSEC Minutes - IETF28
Prev by thread: Re: IPSEC Minutes - IETF28
Next by thread: Re: IPSEC Minutes - IETF28
Index(es):
- Main
- Thread