
Photuris questions



We think you might need classes à la ISAKMP to implement Photuris; there are
some ambiguities in the spec that would be solved by them.  It's
possible that we think this only because our reading of Photuris is
more general than is intended, but some things are not clear about
the negotiation.  

Here are a couple of questions.  Can you use one algorithm for hashing during
key exchange, and a different one for the AH algorithm?  Can the
initiator indicate to the responder that it demands that the responder choose
privacy for the responder-initiator ESP? 

Separately, we've stumbled over an issue in the architecture spec that
is reflected in the Photuris draft; it implies that for ESP you can
choose auth AND priv.  I think it means you can choose one or the
other, not both, but we haven't found the clarifying words yet.

Can one SA be used for AH and ESP?  Your recent message indicates this is so.
How does Photuris go about getting keys for the two algorithms?