[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: the silly bit
> From: "William Allen Simpson" <bsimpson@morningstar.com>
>
> Finally, we have eliminated _many_ possible key management schemes:
>
> - All key management schemes where the SAID is assigned by the Source
> are eliminated. Only Destination assigned SAIDs are used. This is a
> requirement for multicast.
>
> - All key management schemes which do not provide perfect forward
> secrecy are eliminated.
>
> - All key management schemes which are vulnerable to denial of service
> attack are eliminated.
Bill,
The context of this discussion is independence of IPSP from
key-management. Are you saying, e.g. that Kerberos cannot be
used with IPSP because it doesn't provide perfect forward
secrecy?
Ashar.