
Re: Bellovin's and Ashar's attacks




Dan Nessett says:
> >  It can't. You decrypt it first and then pass it along with information
> >  to the transport that indicates what the transform that had been used
> >  for the encapsulation was before you unencapsulated the packet.
> 
> This seems to confirm my original point that the IP layer will have to
> continually rekey in order to process arriving packets.

In my implementation, I have a key schedule associated with every SA
structure, so I'm "rekeying" in the sense of using different keys for
every packet, but you have to do this no matter what even in host to
host keying.

.pm
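As an added illustration of the point made above (example code, not the poster's implementation), the following sketch keeps a precomputed key schedule in each security-association (SA) entry, so that handling an arriving packet is an SA lookup by SPI plus use of the stored schedule, rather than a fresh key derivation per packet. The toy key schedule, the toy XOR "cipher", the packet layout (SPI and sequence number followed by ciphertext) and the `transform` label handed to the transport are all assumptions made for the example.

```python
"""Per-SA key schedule demo (added example, not from the original post).
Assumptions: a toy HMAC-based key schedule, a toy XOR cipher, and a packet
layout of 4-byte SPI, 4-byte sequence number, then ciphertext."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Counts how often a key schedule is computed, to show it happens per SA,
# not per packet (demo instrumentation only).
EXPANSIONS = {"count": 0}


def expand_key(master_key: bytes, rounds: int = 4) -> list:
    """Toy key schedule (assumption, not a real cipher): derive `rounds`
    32-byte subkeys from the master key with HMAC-SHA256."""
    EXPANSIONS["count"] += 1
    return [hmac.new(master_key, bytes([i]), hashlib.sha256).digest()
            for i in range(rounds)]


@dataclass
class SA:
    spi: int
    transform: str   # label passed up to the transport after decapsulation
    schedule: list   # key schedule computed once, when the SA is installed


class SAD:
    """Security-association database indexed by SPI (assumed structure)."""

    def __init__(self) -> None:
        self._by_spi = {}

    def add(self, spi: int, transform: str, master_key: bytes) -> SA:
        sa = SA(spi, transform, expand_key(master_key))  # expansion happens here
        self._by_spi[spi] = sa
        return sa

    def lookup(self, spi: int) -> SA:
        sa = self._by_spi.get(spi)
        if sa is None:
            raise KeyError(f"no SA for SPI {spi:#x}")
        return sa


def _keystream(schedule: list, length: int) -> bytes:
    # Toy keystream: cycle through the precomputed subkeys (assumption).
    material = b"".join(schedule)
    reps = length // len(material) + 1
    return (material * reps)[:length]


def encapsulate(sa: SA, seq: int, plaintext: bytes) -> bytes:
    """Build a packet: SPI | seq | toy-encrypted payload, using the SA's
    stored schedule (no key expansion at packet time)."""
    ks = _keystream(sa.schedule, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, ks))
    return struct.pack("!II", sa.spi, seq) + body


def decapsulate(sad: SAD, packet: bytes) -> tuple:
    """Look up the SA by SPI, decrypt with its stored schedule, and return
    (transform label, plaintext) so the transport knows which transform
    protected the packet."""
    if len(packet) < 8:
        raise ValueError("packet shorter than SPI + sequence header")
    spi, _seq = struct.unpack("!II", packet[:8])
    sa = sad.lookup(spi)
    ks = _keystream(sa.schedule, len(packet) - 8)
    plaintext = bytes(c ^ k for c, k in zip(packet[8:], ks))
    return sa.transform, plaintext


if __name__ == "__main__":
    sad = SAD()
    a = sad.add(0x100, "toy-transform-a", b"k" * 16)  # constructed keys
    b = sad.add(0x200, "toy-transform-b", b"j" * 16)
    pkts = [encapsulate(a, 1, b"hello"), encapsulate(b, 1, b"world")]
    for _ in range(10):
        for p in pkts:
            decapsulate(sad, p)
    # Two SAs were installed, so exactly two schedules were computed,
    # regardless of how many packets were processed.
    print("schedules computed:", EXPANSIONS["count"])
```

The demo at the bottom processes twenty packets across two SAs and reports that only two key schedules were ever computed; selecting a different SA per packet is a table lookup, which is the sense in which the post's "rekeying" per packet is not a re-derivation cost.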