[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: the silly bit

To: ipsec@ans.net
Subject: Re: the silly bit
From: ashar@osmosys.incog.com (Ashar Aziz)
Date: Tue, 28 Feb 1995 16:07:47 -0800


> From: "William Allen Simpson" <bsimpson@morningstar.com>
> 
> Finally, we have eliminated _many_ possible key management schemes:
> 
>  - All key management schemes where the SAID is assigned by the Source
>    are eliminated.  Only Destination assigned SAIDs are used.  This is a
>    requirement for multicast.
> 
>  - All key management schemes which do not provide perfect forward
>    secrecy are eliminated.
> 
>  - All key management schemes which are vulnerable to denial of service
>    attack are eliminated.

Bill,

The context of this discussion is independence of IPSP from
key-management. Are you saying, e.g. that Kerberos cannot be
used with IPSP because it doesn't provide perfect forward 
secrecy?

Ashar.

Prev by Date: Re: (IPng) Proposed Standard or no?
Next by thread: Re: How to authenticate ESP (was risks of MACs)
Index(es):
- Main
- Thread