
Re: working keys






Hugo:

I prefer the model that is described in the draft IEEE 802.10c key 
management protocol document.  I posted a note a month ago about the 
anonymous FTP location for that document.

In the IEEE 802.10c model, the SAID denotes a shared symmetric key and its 
associated attributes.  If the key needs to be "refreshed" then the 
SPAWN_SA exchange is used.  SPAWN_SA can use a one-way function to transform 
the current traffic key into a "fresh" one, but a new SAID is assigned.  I 
believe that the assignment of the new SAID is critical.  This avoids all 
possible confusion about which key or attributes apply to a particular 
datagram.

Russ
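
A sketch of the refresh model described in the message above, added here as an illustration; it is not part of the original post and is not the IEEE 802.10c protocol or its message format. HMAC-SHA256 stands in for the one-way function, an integrity tag stands in for datagram protection, and the class, method and label names are hypothetical.

```python
import hashlib
import hmac
import itertools

class SATable:
    """Security associations indexed by SAID (hypothetical layout)."""
    def __init__(self):
        self._sas = {}
        self._next_said = itertools.count(1)

    def install(self, key, attrs):
        said = next(self._next_said)
        self._sas[said] = {"key": key, "attrs": dict(attrs)}
        return said

    def spawn(self, old_said):
        # Refresh: one-way transform of the current traffic key,
        # registered under a NEW SAID rather than overwriting the old entry.
        old = self._sas[old_said]
        fresh = hmac.new(old["key"], b"spawn", hashlib.sha256).digest()
        return self.install(fresh, old["attrs"])

    def retire(self, said):
        self._sas.pop(said, None)

    def protect(self, said, payload):
        tag = hmac.new(self._sas[said]["key"], payload, hashlib.sha256).digest()
        return (said, payload, tag)

    def verify(self, datagram):
        said, payload, tag = datagram
        sa = self._sas.get(said)
        if sa is None:
            return False  # unknown or retired SAID: reject, never guess a key
        expect = hmac.new(sa["key"], payload, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expect)

def demo():
    t = SATable()
    said1 = t.install(b"\x01" * 32, {"alg": "constructed"})  # constructed key
    in_flight = t.protect(said1, b"sent before refresh")
    said2 = t.spawn(said1)
    after = t.protect(said2, b"sent after refresh")
    out = {
        "new_said_differs": said2 != said1,
        "in_flight_ok": t.verify(in_flight),   # old SAID still selects old key
        "after_ok": t.verify(after),           # new SAID selects fresh key
        "mislabelled_ok": t.verify((said1, after[1], after[2])),
    }
    t.retire(said1)
    out["old_after_retire_ok"] = t.verify(in_flight)
    return out
```

Because the SAID carried in each datagram selects exactly one key, a datagram sent just before the refresh and one sent just after it can both be checked without the receiver trying keys in turn.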