
Re: >Re[2]- SIPP and SKIP. 2



        Reply to:   RE>>Re[2]: SIPP and SKIP. 2 
>>	 Ashar,
>>
>>	 	DEC devised a clever way to use per-SA keys, without

Note- DEC has patented this clever technique.

>>	 requiring each SDE entity to have a table of the keys.  The approach
>>	 used was to transmit the session (per-SA) key encrypted in the master
>>	 key of the receiving SDE entity.  This encrypted form of the session
>>	 key was supplied by the receiving entity itself (so there is no need
>>	 to share this master key) as part of SA establishment. The session key
>>	 was constant for the duration of the SA, but each new SA can have a
>>	 new session key.  This is consistent with the comment Russ made about
>>	 the MDF value being constant per SA.
>>
>To fit our precise model, that would require a 64-bit SAID.

No it would not. The per-SA encrypted key could just be included in the
front of the initial security transformation specific stuff much like an IV.

Paul
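
[Added example, not part of the original message and not DEC's or the SDE specification's code.] A sketch of the scheme discussed above: the receiver wraps each per-SA session key under its own master key, and the sender prepends that wrapped key to the transformation-specific data the way an IV would be carried, so the receiver keeps no key table. The packet layout, all names, and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for a real key-wrap or AEAD cipher) are assumptions, as is the protected channel used during SA establishment.

```python
import hashlib
import hmac
import os

TAG = 16  # truncated HMAC tag length in bytes

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a real cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC: nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:TAG]
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-TAG], blob[-TAG:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:TAG]
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Receiver:
    def __init__(self):
        self.master = os.urandom(32)  # never shared with any peer

    def establish_sa(self):
        # Assumed SA establishment: the receiver picks the session key and
        # returns it with its wrapped form over an already protected channel.
        session = os.urandom(32)
        return session, seal(self.master, session)

    def receive(self, packet):
        # No per-SA table: the session key is recovered from the packet itself.
        wlen = packet[0]
        wrapped, body = packet[1:1 + wlen], packet[1 + wlen:]
        session = unseal(self.master, wrapped)  # rejects forged or altered keys
        return unseal(session, body)

def send(session, wrapped, payload):
    # Wrapped key goes in front of the protected data, much like an IV.
    return bytes([len(wrapped)]) + wrapped + seal(session, payload)
```

The wrapped key has to be integrity-protected as well as encrypted; otherwise anyone on the path could substitute a different blob and the receiver would process the packet under a key it never issued.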







