
Re: Re[2]: SIPP and SKIP. 2 subjects.



	 Ashar,

	 	DEC devised a clever way to use per-SA keys, without
	 requiring each SDE entity to have a table of the keys.  The approach
	 used was to transmit the session (per-SA) key encrypted in the master
	 key of the receiving SDE entity.  This encrypted form of the session
	 key was supplied by the receiving entity itself (so there is no need
	 to share this master key) as part of SA establishment. The session key
	 was constant for the duration of the SA, but each new SA can have a
	 new session key.  This is consistent with the comment Russ made about
	 the MDF value being constant per SA.

To fit our precise model, that would require a 64-bit SAID.
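
The key handling described in the quoted text, as an added example that is not part of the original message and is not DEC or SDE code: the receiver wraps each per-SA key under its own master key, and the sender returns that 64-bit wrapped form in every packet, so the receiver needs no key table. The HMAC-based Feistel cipher standing in for a 64-bit block cipher, the packet layout, the HMAC tag, and the names Receiver, establish_sa, wrap, unwrap and send are assumptions, as is an SA-establishment exchange that is already protected.

```python
import hashlib
import hmac
import os

ROUNDS = 4  # assumption: HMAC-based Feistel stand-in for a 64-bit block cipher

def _f(key, i, half):
    # Round function: 32 bits of HMAC-SHA256 over (round index, half block).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(master, block):
    # Encrypt one 64-bit block (the session key) under the master key.
    left, right = block[:4], block[4:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _f(master, i, right))
    return left + right

def unwrap(master, block):
    left, right = block[:4], block[4:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(master, i, left)), left
    return left + right

class Receiver:
    # Holds only its own master key; no per-SA key table.
    def __init__(self):
        self._master = os.urandom(16)

    def establish_sa(self):
        # Receiver picks the per-SA key and returns it with its wrapped form.
        session = os.urandom(8)
        return session, wrap(self._master, session)

    def receive(self, packet):
        token, tag, payload = packet[:8], packet[8:40], packet[40:]
        session = unwrap(self._master, token)  # key recovered from the packet
        expect = hmac.new(session, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("integrity check failed")
        return payload

def send(session, token, payload):
    # Sender prepends the wrapped key to every packet of the SA.
    return token + hmac.new(session, payload, hashlib.sha256).digest() + payload
```

Because the wrapped key carries no integrity check of its own, a modified token simply unwraps to a different session key and the packet fails its tag check.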