
Re[4]: On SKIP and non-interactive key management
>Actually, there was some verbal agreement at the last WG to use
>4 bits of the SAID for the IPSP protocol version number, and
>the remaining as part of the SAID. Since, at this point in time,
>there isn't yet an online draft of the IPSP, I think it is premature
>to say that important issues like this one have been settled.

There will be a draft late this week.  A new editing team is scrambling to pull
it together and complete it.

The draft contains a 32-bit SAID field.  The top order bits will be reserved (5
or 6 high order bits set to zero) to allow for possible Version Number, PDU
Type, and multicast bit.

Paul
_______________________________________________________________________________
Subject: Re: Re[2]: On SKIP and non-interactive key management
Author:  Ashar.Aziz@eng.sun.com@INTERNET
Date:    11/29/94  6:33 PM

>From housley@spyrus.com Mon Nov 21 13:47:31 1994
>The SAID should be used to indirectly tell which algorithms and modes are being
>used.  In a sense, the agreement of a key between two parties is the
>establishment of a connection, only we call it a security association.

Russ,

If you read the SKIP draft, you will realize why interactively negotiating
SAIDs is not a good idea, when one is not interactively negotiating
keys.

>I thought that this group agreed on 32 bit SAIDs with the high order bit
>reserved for multicast security associations.  When did the issue
>get reopened?

Actually, there was some verbal agreement at the last WG to use
4 bits of the SAID for the IPSP protocol version number, and
the remaining as part of the SAID. Since, at this point in time,
there isn't yet an online draft of the IPSP, I think it is premature
to say that important issues like this one have been settled.

Ashar.