[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: Two keys to differentiate directions

To: amir@watson.ibm.com, "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.lkg.dec.com>
Subject: Re[2]: Two keys to differentiate directions
From: "Housley, Russ" <housley@spyrus.com>
Date: Sat, 11 Jun 94 19:23:03
Cc: ipsec@ans.net
Encoding: 662 Text


Don:

>>>>  I think the simplest answer is not to use the same key for both 
>>>>  directions.
>>
>>This would work but it is a wasteful solution. A much simpler and 
>>more efficient solution is to have a clear direction indicator,
>
>What is it you are wasting?  You usually have plenty of keying
>material, relative to the requirements of most symetric algorithms, if you 
>do Diffie-Hellman, and it adds some small amount of cryptographic strengh 
>for the adversary to have to break two keys to see the entire 
>conversation.

What if you want to use Kerberos to distribute keys?  Then, you do not have 
"plenty" pf keying material.

Russ

Follow-Ups:

Re[2]: Two keys to differentiate directions

From: Clifford Neuman <bcn@ISI.EDU>

Prev by Date: Where swIPe IP Security Protocol
Next by Date: Re[2]: Two keys to differentiate directions
Prev by thread: Re: Two keys to differentiate directions
Next by thread: Re[2]: Two keys to differentiate directions
Index(es):
- Main
- Thread