Combining key mgmt & ESP (was Re: Bellovin's attack and ...)
I was wondering the same thing. Can you elaborate on your implementation
of this?
From pau@watson.ibm.com Tue Apr 11 16:56:05 1995
From: pau@watson.ibm.com (Pau-Chen Cheng)
To: Hilarie Orman <ho@cs.arizona.edu>
Cc: rubin@mgoblue.bellcore.com, ipsec@ans.net
Subject: Re: Bellovin's attack and others like it
Date: Tue, 11 Apr 95 16:48:42 -0500
Hilarie, when you say "two layers", do you mean a new transport layer
protocol (other than TCP, UDP, ICMP, ...)?
Regards, Pau-Chen
> We put two layers side-by-side over the basic packet delivery
> services. One layer is for non-key traffic, the other layer consists
> of only the key management protocol.
>
> I favor this arrangement over schemes that use UDP for key management,
> because I believe it yields a cleaner separation of software functionality
> and is easier to analyze.