
Re: SIPP and SKIP. 2 subjects.




>From ipsec-request@ans.net Mon Aug  1 11:35:07 1994
> Explicitly assigning a security identifier is a
>cheap operation. Once assigned, a particular SAID might identify all
>subsequent packets bearing it as SKIP-style "implicit key exchange"
>encrypted packets. However, I'm very reluctant to support use of the
>four-bit version field (which in the draft I am defining as a Must Be
>Zero field, at least for the moment) for this purpose, since it seems
>that the same purpose can be cheaply achieved without using the
>version space. Using the version number seems to just be a way to
>end-run around assigning a SAID for the purpose, which, as I said, is
>cheap.

Yes, as I mentioned at the presentation, my proposal was to assign
a few SAIDs for use by SKIP. This seems like the best way to
do things. I am contemplating three or four SAIDs at the moment,
one for default encryption context, one (or two) for integrity-only
and another for supporting ephemeral SKIP contexts.

Ashar.

