
Re: Re[2]: My current thoughts on IPSEC



And what rule do you propose for each side to use to choose distinct
subsets of the bits?  Maybe the side with the larger number in the D-H
exchange takes the higher order bits and the other takes the lower
order bits?

> From:    hughes@hughes.network.com (James P. Hughes)
> To:      "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.lkg.dec.com>,
> 	 "Housley, Russ" <housley@spyrus.com>
> cc:      ipsec@ans.net
> Date:    Fri, 20 May 1994 10:43:52 -0500
> Subject: Re: Re[2]: My current thoughts on IPSEC
> 
> 
> > I think the simplest answer is not to use the same key for both
> > directions.
> 
> This is possible even if a single key negotiation is used.
> 
> I.e., when the Diffie Hellman "negotiation" is complete, there is at least 512
> bits of common random data at both ends. This is more than enough for 2
> symmetric keys of almost any algorithm I know of.
> 
> jim
> 
> 
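
The rule floated in the reply above (the side with the larger D-H public value takes the high-order bits), worked through as an added example that is not part of either message. The group (p = 2**521 - 1, g = 3), the 32-byte key size and all function names are assumptions chosen for illustration; the group is a toy, not a recommended parameter set.

```python
import secrets

# Constructed toy group, illustration only: p = 2**521 - 1 (a Mersenne prime), g = 3.
P = 2**521 - 1
G = 3
KEY_BYTES = 32  # assumed key size: two 256-bit keys cut from 512 shared bits


def keypair():
    """Return (private exponent, public value) for one side."""
    x = secrets.randbelow(P - 3) + 2  # private exponent in [2, P-2]
    return x, pow(G, x, P)


def directional_keys(my_priv, my_pub, peer_pub):
    """Return (send_key, recv_key) cut from one D-H shared value.

    Tie-break as proposed in the message: the side with the larger
    public value sends with the high-order half, the other side with
    the low-order half. Both ends evaluate the same comparison, so
    they agree on the assignment without another round trip.
    """
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    if peer_pub == my_pub:
        # Equal public values (for example a reflected message) leave the
        # rule undefined and would give both directions the same key.
        raise ValueError("equal public values: tie-break rule is undefined")
    shared = pow(peer_pub, my_priv, P)
    # Fixed-width encoding of the low 512 bits so both ends slice identically.
    bits = (shared % (1 << 512)).to_bytes(64, "big")
    high, low = bits[:KEY_BYTES], bits[KEY_BYTES:]
    return (high, low) if my_pub > peer_pub else (low, high)


if __name__ == "__main__":
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    a_send, a_recv = directional_keys(a_priv, a_pub, b_pub)
    b_send, b_recv = directional_keys(b_priv, b_pub, a_pub)
    print("A->B keys match:", a_send == b_recv)
    print("B->A keys match:", b_send == a_recv)
```

Later key-exchange protocols generally pass the shared value through a key-derivation function with per-direction labels rather than slicing raw bits; the slicing here follows the rule as posed in the message.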

