
Re[4]: My current thoughts on IPSEC




In the SDNS Key Management Protocol, the initiator of the key management 
exchange is 0 and the responder is 1.  Any consistent approach will work.

> Subject: Re: Re[2]: My current thoughts on IPSEC 
>Author:  Stephen D Crocker <crocker@tis.com> at internet
>Date:    5/20/94 12:49 PM
>
>
>And what rule do you propose for each side to use to choose distinct 
>subsets of the bits?  Maybe the side with the larger number in the 
>D-H exchange takes the higher order bits and the other takes the 
>lower order bits?
>
>> From:    hughes@hughes.network.com (James P. Hughes)
>> To:      "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.lkg.dec.com>,
>>   "Housley, Russ" <housley@spyrus.com>
>> cc:      ipsec@ans.net
>> Date:    Fri, 20 May 1994 10:43:52 -0500
>> Subject: Re: Re[2]: My current thoughts on IPSEC
>> 
>> > I think the simplest answer is not to use the same key for both 
>> > directions.
>> 
>> This is possible even if a single key negotiation is used. 
>> 
>> I.e., when the Diffie Hellman "negotiation" is complete, there is at least 512
>> bits of common random data at both ends. This is more than enough for 2
>> symmetric keys of almost any algorithm I know of.
>> 
>> jim
>>
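
The two selection rules discussed in this thread, as an added example that is not part of the original messages: both ends slice the same 512 shared bits into two directional keys, once by role number (initiator 0, responder 1) and once by comparing D-H public values. The modulus, generator, 256-bit key size and all function names are assumptions made for illustration.

```python
import secrets

# Toy D-H parameters constructed for this example only (not a vetted group).
P = 2**521 - 1                 # Mersenne prime, large enough to yield 512 shared bits
G = 3
KEY_BYTES = 32                 # assumed 256-bit keys: 2 * 32 bytes = 512 bits
INITIATOR, RESPONDER = 0, 1    # role numbering from the SDNS reply

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_bits(priv, peer_pub):
    """Low-order 512 bits of the shared D-H value, as 64 big-endian bytes."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate peer public value")
    z = pow(peer_pub, priv, P)
    return (z % (1 << 512)).to_bytes(64, "big")

def split_by_role(shared, role):
    """Role rule: initiator (0) sends with the high half, responder (1) with the low half."""
    if role not in (INITIATOR, RESPONDER):
        raise ValueError("role must be 0 (initiator) or 1 (responder)")
    high, low = shared[:KEY_BYTES], shared[KEY_BYTES:]
    return (high, low) if role == INITIATOR else (low, high)   # (send_key, recv_key)

def split_by_public_value(shared, my_pub, peer_pub):
    """Comparison rule: the side with the larger public value sends with the high half."""
    if my_pub == peer_pub:
        raise ValueError("equal public values: the rule cannot break the tie")
    high, low = shared[:KEY_BYTES], shared[KEY_BYTES:]
    return (high, low) if my_pub > peer_pub else (low, high)   # (send_key, recv_key)

def demo():
    """Run one exchange and return each side's (send, recv) pair under both rules."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    za, zb = shared_bits(a_priv, b_pub), shared_bits(b_priv, a_pub)
    return (split_by_role(za, INITIATOR), split_by_role(zb, RESPONDER),
            split_by_public_value(za, a_pub, b_pub),
            split_by_public_value(zb, b_pub, a_pub))

if __name__ == "__main__":
    a_role, b_role, a_cmp, b_cmp = demo()
    print("role rule agrees:", a_role[0] == b_role[1] and a_role[1] == b_role[0])
    print("comparison rule agrees:", a_cmp[0] == b_cmp[1] and a_cmp[1] == b_cmp[0])
```

Current protocols pass the shared value through a key derivation function with a per-direction label instead of slicing raw bits; the slicing here follows the thread's own proposal.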