
Combining key mgmt & ESP (was Re: Bellovin's attack and ...)



I was wondering the same thing. Can you elaborate on your implementation
of this?

	From: pau@watson.ibm.com (Pau-Chen Cheng)
	Message-Id: <9504112048.AA19937@ixextra2.watson.ibm.com>
	X-Mailer: exmh version 1.5.3 12/28/94
	To: Hilarie Orman <ho@cs.arizona.edu>
	Cc: rubin@mgoblue.bellcore.com, ipsec@ans.net
	Subject: Re: Bellovin's attack and others like it
	In-Reply-To: (Your message of Tue, 11 Apr 95 12:09:54 MST.)
	             <199504111910.AA17458@interlock.ans.net>
	Date: Tue, 11 Apr 95 16:48:42 -0500


	Hilarie, when you say "two layers", do you mean a new transport layer
	protocol (other than TCP, UDP, ICMP, ...) ?


	Regards, Pau-Chen

	> We put two layers side-by-side over the basic packet delivery
	> services.  One layer is for non-key traffic, the other layer consists
	> of only the key management protocol.
	>
	> I favor this arrangement over schemes that use UDP for key management,
	> because I believe it yields a cleaner separation of software functionality
	> and is easier to analyze.