
Re: WG last call for IPv4 AH and ESP

Dan,

  For that particular case (intermediate router sending an ICMP
message and desiring to authenticate the ICMP message back to the
sender), if a Security Association does not exist the router
could sign it using its private key that is associated with its
Eastlake-Kaufman signed public key available from the DNS and
an RSA signature.  This scales as well as the DNS and hence
as well as the Internet as a whole.

  This tends to confirm my prior existing belief that a non-mandatory,
but openly specified RSA Signature type should be defined for
use with AH.  I have not created such a type yet for lack of time,
but would be happy to include one as a non-mandatory to implement
"Appendix B" in my IPv6 AH draft if someone supplied a spec that would
be implementable using RSAREF.

  So I still do not believe that in-band key management is either
necessary or desirable in this case.

Regards,

Ran
atkinson@itd.nrl.navy.mil
