Re: working keys
Hugo:
I prefer the model that is described in the draft IEEE 802.10c key
management protocol document. I posted a note a month ago about the
anonymous FTP location for that document.
In the IEEE 802.10c model, the SAID denotes a shared symmetric key and its
associated attributes. If the key needs to be "refreshed" then the
SPAWN_SA exchange is used. SPAWN_SA can use a one-way function to transform
the current traffic key into a "fresh" one, but a new SAID is assigned. I
believe that the assignment of the new SAID is critical. This avoids all
possible confusion about which key or attributes apply to a particular
datagram.
Russ
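
The refresh model described in the message above, as an added sketch that is not code from the message or from the IEEE 802.10c draft: each refresh derives a fresh key and files it under a new SAID, so a receiver selects the key for a datagram from its SAID alone. The HMAC-SHA-256 transform, the SAID counter, the datagram tuple and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import itertools

def one_way(key):
    # Assumed one-way transform; the message does not name the function SPAWN_SA uses.
    return hmac.new(key, b"constructed-spawn-label", hashlib.sha256).digest()

class SATable:
    """One peer's security associations, indexed by SAID (constructed model)."""
    def __init__(self):
        self._sas = {}                     # SAID -> (key, attributes)
        self._next = itertools.count(1)    # hypothetical SAID allocator

    def establish(self, key, attrs):
        said = next(self._next)
        self._sas[said] = (key, dict(attrs))
        return said

    def spawn(self, parent):
        # Refresh: derive a fresh key, carry the attributes over, assign a NEW SAID.
        key, attrs = self._sas[parent]
        return self.establish(one_way(key), attrs)

    def _tag(self, said, payload):
        key, _ = self._sas[said]
        return hmac.new(key, said.to_bytes(4, "big") + payload, hashlib.sha256).digest()

    def protect(self, said, payload):
        return said, payload, self._tag(said, payload)

    def verify(self, datagram):
        said, payload, tag = datagram
        # The SAID alone selects the key; an unknown SAID is rejected, never guessed.
        return said in self._sas and hmac.compare_digest(tag, self._tag(said, payload))

def demo():
    sender, receiver = SATable(), SATable()
    key = bytes(range(32))                 # constructed sample key
    old = sender.establish(key, {"alg": "sample"})
    receiver.establish(key, {"alg": "sample"})
    in_flight = sender.protect(old, b"sent before refresh")
    new = sender.spawn(old)
    receiver.spawn(old)                    # peer performs the same derivation
    return {"saids": (old, new),
            "old_in_flight": receiver.verify(in_flight),
            "new_traffic": receiver.verify(sender.protect(new, b"after refresh")),
            "relabelled": receiver.verify((new,) + in_flight[1:])}

if __name__ == "__main__":
    print(demo())
```

A datagram sent under the old SAID before the refresh still verifies against the old key, while the same datagram relabelled with the new SAID is rejected.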