Re: Re[2]: My current thoughts on IPSEC
You are assuming that things are symmetric. In my conception, there
is an initiator and a responder so it's easy to resolve such questions.
Donald
From: Stephen D Crocker <crocker@tis.com>
To: hughes@hughes.network.com (James P. Hughes)
Cc: "Donald E. Eastlake 3rd (Beast)" <dee>,
"Housley, Russ" <housley@spyrus.com>, ipsec@ans.net
In-Reply-To: Your message of "Fri, 20 May 94 10:43:52 CDT."
<9405201043.ZM4373@hughes.network.com>
>And what rule do you propose for each side to use to choose distinct
>subsets of the bits? Maybe the side with the larger number in the D-H
>exchange takes the higher order bits and the other takes the lower
>order bits?
>
>> From: hughes@hughes.network.com (James P. Hughes)
>> To: "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.lkg.dec.com>,
>> "Housley, Russ" <housley@spyrus.com>
>> cc: ipsec@ans.net
>> Date: Fri, 20 May 1994 10:43:52 -0500
>> Subject: Re: Re[2]: My current thoughts on IPSEC
>>
>>
>> > I think the simplest answer is not to use the same key for both
>> > directions.
>>
>> This is possible even if a single key negotiation is used.
>>
>> I.e., when the Diffie Hellman "negotiation" is complete, there is at least 512
>> bits of common random data at both ends. This is more than enough for 2
>> symmetric keys of almost any algorithm I know of.
>>
>> jim
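
The two bit-selection rules discussed in this thread (fixed initiator/responder roles, and "larger D-H number takes the high-order bits"), as an added example that is not part of any of the messages. The toy group, the 256-bit key length, the function names and the choice that the initiator takes the high-order bits are assumptions; the raw bits are split as the thread describes, with no key-derivation step.

```python
# Added example, not code from the thread. P, G, key_len and every
# function name here are assumptions made for illustration.
P = 2**521 - 1   # a Mersenne prime, so the D-H result has more than 512 bits
G = 3

def dh_public(priv: int) -> int:
    return pow(G, priv, P)

def dh_shared_bits(priv: int, peer_pub: int) -> bytes:
    """Low-order 512 bits of the D-H result; identical at both ends."""
    z = pow(peer_pub, priv, P)
    return (z % 2**512).to_bytes(64, "big")

def split(shared: bytes, takes_high: bool, key_len: int = 32):
    """Return (send_key, recv_key) cut from non-overlapping bit ranges."""
    if 2 * key_len > len(shared):
        raise ValueError("not enough shared bits for two distinct keys")
    high, low = shared[:key_len], shared[-key_len:]
    return (high, low) if takes_high else (low, high)

def keys_by_role(shared: bytes, is_initiator: bool):
    """Asymmetric exchange: the initiator sends with the high-order bits."""
    return split(shared, takes_high=is_initiator)

def keys_by_public_value(shared: bytes, my_pub: int, peer_pub: int):
    """Symmetric exchange: the larger D-H number takes the high-order bits."""
    if my_pub == peer_pub:
        raise ValueError("equal public values give no tie-break")
    return split(shared, takes_high=my_pub > peer_pub)

def run_exchange(a_priv: int, b_priv: int):
    """Run both ends (A initiates); return each side's (send, recv) keys."""
    a_pub, b_pub = dh_public(a_priv), dh_public(b_priv)
    a_bits = dh_shared_bits(a_priv, b_pub)
    b_bits = dh_shared_bits(b_priv, a_pub)
    return {
        "a_role": keys_by_role(a_bits, True),
        "b_role": keys_by_role(b_bits, False),
        "a_pub_rule": keys_by_public_value(a_bits, a_pub, b_pub),
        "b_pub_rule": keys_by_public_value(b_bits, b_pub, a_pub),
    }

if __name__ == "__main__":
    import secrets
    r = run_exchange(secrets.randbelow(P - 3) + 2, secrets.randbelow(P - 3) + 2)
    for rule in ("role", "pub_rule"):
        (a_send, a_recv), (b_send, b_recv) = r["a_" + rule], r["b_" + rule]
        print(rule, "directions agree:", a_send == b_recv and a_recv == b_send)
```

Under either rule, each side's send key equals the peer's receive key, and the two directions never share a key.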