[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[2]: My current thoughts on IPSEC

To: "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.lkg.dec.com>, "Housley, Russ" <housley@spyrus.com>
Subject: Re: Re[2]: My current thoughts on IPSEC
From: hughes@hughes.network.com (James P. Hughes)
Date: Fri, 20 May 1994 10:43:52 -0500
Cc: ipsec@ans.net
In-Reply-To: "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.lkg.dec.com> "Re: Re[2]: My current thoughts on IPSEC" (May 20, 8:27am)
References: <9405201227.AA08294@skidrow.lkg.dec.com>


> I think the simplest answer is not to use the same key for both
> directions.

This is possible even if a single key negotiation is used.

I.e, when the Diffie Hellman "negotiation" is complete, there is at least 512
bilts of common random data at both ends. This is more than enough for 2
symetric keys of almost any algorithm I know of.

jim

Follow-Ups:

Re: Re[2]: My current thoughts on IPSEC

From: "Perry E. Metzger" <perry@imsi.com>

Re: Re[2]: My current thoughts on IPSEC

From: Stephen D Crocker <crocker@tis.com>

References:

Re: Re[2]: My current thoughts on IPSEC

From: "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.lkg.dec.com>

Prev by Date: Re: Tunnel Establishment Protocol II
Next by Date: Re: Re[2]: My current thoughts on IPSEC
Prev by thread: Re: Re[2]: My current thoughts on IPSEC
Next by thread: Re: Re[2]: My current thoughts on IPSEC
Index(es):
- Main
- Thread