[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (IPng) Re: Proposed message on perfect forward security


> No. In-band keying will not work with the present IPv6 specs. This issue
> is independent of SKIP. The problem is there is no place to indicate in
> either the AH or ESP that in-band keying is being used.

I haven't had time to follow the great In-Band/Out-of-Band keying debate
in detail, so please excuse me if this is off-base.  I thought I saw the
suggestion that one of the reserved SAID values could be assigned the role
of indicating the presence of in-packet keying material.  Alternatively, you
could use an option in a Destination (formerly End-to-End) Options header
preceding the AH or ESP header to carry the in-packet key stuff.  Is it
simply the lack of a spec that defines either of those alternatives that
leads you to say "In-band keying will not work with the present IPv6 specs."?
If so, feel free to write such a spec.