Re[2]: On SKIP and non-interactive key management
Ashar:
>>* The transmission of algorithm identifiers and possibly other security
>>attributes with each packet adds to the overhead even if these values are
>>most of the time fixed for a pair of nodes.
>
>Of course, this kind of argument can be made against an IP header
>as well. One can end up arguing in favor of a connection oriented
>network protocol like X.25 instead of IP, with this line of
>argument. (And precisely some of these arguments were made
>by X.25 proponents).
The SAID should be used to indirectly tell which algorithms and modes are being
used. In a sense, the agreement of a key between two parties is the
establishment of a connection, only we call it a security association.
>>* The attractive notion of unstructured SAIDs that are decided by the local
>>implementation and transmitted to the other party is lost here. Only
>>structured, standardized SAIDs make sense.
>
>What is attractive about unstructured SAIDs? I realize the need
>for IPSP to allow all kinds of key-management, and hence unstructured
>SAIDs, but fail to see anything terribly attractive about unstructured
>SAIDs.
>
>The only thing about SAIDs is that they are decided by a receiving
>node, and if a receiving node chooses structured SAIDs, and
>advertises that in advance, what is wrong with that?
I thought that this group agreed on 32 bit SAIDs with the high order bit
reserved for multicast security associations. When did the issue
get reopened?
Russ
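The SAID model Russ describes (a receiver-chosen 32-bit value, high-order bit reserved for multicast, that indirectly names the algorithm, mode and key rather than carrying them in every packet) as an added Python example that is not part of the original thread. The 4-byte big-endian SAID at the start of the packet, the DES-CBC labels and the counter-based allocation are constructed for illustration, not the IPSP draft's actual header layout.

```python
import struct
from dataclasses import dataclass

# High-order bit of a 32-bit SAID marks a multicast security association.
MULTICAST_BIT = 0x80000000


@dataclass(frozen=True)
class SecurityAssociation:
    said: int
    algorithm: str  # what the SAID indirectly names, e.g. "DES-CBC" (constructed label)
    mode: str       # e.g. "transport" or "tunnel"
    key: bytes


class ReceiverSADB:
    """SA table kept by the receiving node, which chooses its own SAIDs."""

    def __init__(self):
        self._table = {}
        self._next_unicast = 1    # 0 left unused (constructed convention)
        self._next_multicast = 1

    def create(self, algorithm, mode, key, multicast=False):
        # Receiver allocates the SAID; the high bit distinguishes multicast SAs.
        if multicast:
            said = MULTICAST_BIT | self._next_multicast
            self._next_multicast += 1
        else:
            said = self._next_unicast
            self._next_unicast += 1
        sa = SecurityAssociation(said, algorithm, mode, key)
        self._table[said] = sa
        return sa

    def lookup(self, said):
        return self._table.get(said)


def is_multicast_said(said):
    return bool(said & MULTICAST_BIT)


def resolve_packet(sadb, packet):
    """Read the SAID from the first 4 bytes (constructed layout) and resolve it.
    Returns the SA, or None when the SAID is unknown and the packet must be dropped."""
    if len(packet) < 4:
        return None
    (said,) = struct.unpack("!I", packet[:4])
    return sadb.lookup(said)
```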