Re: (IPng) Re: Proposed message on perfect forward security



Dan,

> No. In-band keying will not work with the present IPv6 specs. This issue
> is independent of SKIP. The problem is there is no place to indicate in
> either the AH or ESP that in-band keying is being used.

I haven't had time to follow the great In-Band/Out-of-Band keying debate
in detail, so please excuse me if this is off-base.  I thought I saw the
suggestion that one of the reserved SAID values could be assigned the role
of indicating the presence of in-packet keying material.  Alternatively, you
could use an option in a Destination (formerly End-to-End) Options header
preceding the AH or ESP header to carry the in-packet key stuff.  Is it
simply the lack of a spec that defines either of those alternatives that
leads you to say "In-band keying will not work with the present IPv6 specs."?
If so, feel free to write such a spec.

Steve