Re: >Re[2]- SIPP and SKIP. 2
Reply to: RE>>Re[2]: SIPP and SKIP. 2
>> Ashar,
>>
>> DEC devised a clever way to use per-SA keys, without
Note- DEC has patented this clever technique.
>> requiring each SDE entity to have a table of the keys. The approach
>> used was to transmit the session (per-SA) key encrypted in the master
>> key of the receiving SDE entity. This encrypted form of the session
>> key was supplied by the receiving entity itself (so there is no need
>> to share this master key) as part of SA establishment. The session key
>> was constant for the duration of the SA, but each new SA can have a
>> new session key. This is consistent with the comment Russ made about
>> the MDF value being constant per SA.
>>
>To fit our precise model, that would require a 64-bit SAID.
No it would not. The per-SA encrypted key could just be included in the
front of the initial security transformation specific stuff much like an IV.
Paul
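
Added example, not part of the original message and not DEC's implementation: a sketch of the scheme discussed in this thread, where the receiver wraps each per-SA session key under its own master key and the sender prepends that wrapped key to each packet, much like an IV. Assumptions: the plaintext session key reaches the sender through an SA establishment exchange that is not modelled here, all names are hypothetical, and an HMAC-SHA256 counter-mode construction stands in for a real cipher so the code runs with the standard library only.

```python
import hashlib, hmac, os

WRAPPED_LEN = 16 + 32 + 32  # nonce + wrapped 32-byte session key + tag

def _subkey(key, label):
    # Separate encryption and MAC keys derived from one key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher (assumption).
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # Encrypt-then-MAC; output is nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class Receiver:
    def __init__(self):
        self.master_key = os.urandom(32)  # never shared; no per-SA key table is kept

    def establish_sa(self):
        # New session key per SA, returned with its form wrapped under the master key.
        session_key = os.urandom(32)
        return session_key, seal(self.master_key, session_key)

    def receive(self, packet):
        # Recover the session key from the front of the packet, then open the body.
        wrapped, body = packet[:WRAPPED_LEN], packet[WRAPPED_LEN:]
        session_key = unseal(self.master_key, wrapped)
        return unseal(session_key, body)

def send(session_key, wrapped, payload):
    # Sender treats the wrapped key as an opaque prefix, like an IV.
    return wrapped + seal(session_key, payload)
```
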