Re[4]: My current thoughts on IPSEC
In the SDNS Key Management Protocol, the initiator of the key management
exchange is 0 and the responder is 1. Any consistent approach will work.
> Subject: Re: Re[2]: My current thoughts on IPSEC
>Author: Stephen D Crocker <crocker@tis.com> at internet
>Date: 5/20/94 12:49 PM
>
>
>And what rule do you propose for each side to use to choose distinct
>subsets of the bits? Maybe the side with the larger number in the
>D-H exchange takes the higher order bits and the other takes the
>lower order bits?
>
>> From: hughes@hughes.network.com (James P. Hughes)
>> To: "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.lkg.dec.com>,
>> "Housley, Russ" <housley@spyrus.com>
>> cc: ipsec@ans.net
>> Date: Fri, 20 May 1994 10:43:52 -0500
>> Subject: Re: Re[2]: My current thoughts on IPSEC
>>
>> > I think the simplest answer is not to use the same key for both
>> > directions.
>>
>> This is possible even if a single key negotiation is used.
>>
>> I.e., when the Diffie Hellman "negotiation" is complete, there is at least 512
>> bits of common random data at both ends. This is more than enough for 2
>> symmetric keys of almost any algorithm I know of.
>>
>> jim
>>
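
The scheme discussed in this thread, as an added example that is not part of the original messages: both ends split the shared Diffie-Hellman value into two halves and use the initiator = 0, responder = 1 numbering to decide which half keys which direction. The prime, base, 256-bit key size and the assignment of the high-order half to role 0 are assumptions made for the illustration.

```python
import secrets

# Toy Diffie-Hellman parameters, constructed for this example only:
# P is the Mersenne prime 2**521 - 1, G is an arbitrary base.
P = 2**521 - 1
G = 3

INITIATOR, RESPONDER = 0, 1   # role numbering from the message above
KEY_BYTES = 32                # hypothetical 256-bit key per direction


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared_bits(priv, peer_pub):
    """Low-order 512 bits of the shared value, as 64 bytes."""
    z = pow(peer_pub, priv, P)
    return z.to_bytes(66, "big")[-2 * KEY_BYTES:]


def directional_keys(secret, role):
    """Return (send_key, recv_key) for the given role.

    Role 0 sends with the high-order half and role 1 with the low-order
    half (a hypothetical assignment; any consistent one works).
    Raw bit slicing follows the thread; protocols today derive keys
    through a KDF instead.
    """
    if role not in (INITIATOR, RESPONDER):
        raise ValueError("role must be 0 (initiator) or 1 (responder)")
    if len(secret) != 2 * KEY_BYTES:
        raise ValueError("need exactly 2 * KEY_BYTES of shared data")
    high, low = secret[:KEY_BYTES], secret[KEY_BYTES:]
    return (high, low) if role == INITIATOR else (low, high)


def run_exchange():
    a_priv, a_pub = dh_keypair()   # initiator
    b_priv, b_pub = dh_keypair()   # responder
    a_send, a_recv = directional_keys(shared_bits(a_priv, b_pub), INITIATOR)
    b_send, b_recv = directional_keys(shared_bits(b_priv, a_pub), RESPONDER)
    return a_send, a_recv, b_send, b_recv
```

Each side's send key equals the peer's receive key, and the two directions never share a key, because the role number alone selects the half.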