
Re: draft-ietf-ipsec-des-md5-00.txt



pau@watson.ibm.com wrote:
> 
> Hi, this msg is a response to David's, Bill's and James's msgs.
> 
> I do agree using uni-directional keys is a better solution. It is also
> easy to do, as David pointed out in his msg. In fact, we have been using
> it for a while in our lab and (soon to be) in our product.

I was trying to avoid the product label, but NSC has product experience with 
asymmetric keys.

> My problem is that I don't see uni-directional keys being made mandatory
> in RFC1825, ISAKMP draft 4 nor Oakley draft. I may have misread them.
> If anybody sees it, please kindly point it to me.

I can add this to the esp, just like dumbing the keys up was. 

After thinking about it, I just need something, anything to break a tie for 
picking a forward and a reverse direction. A flag as to if I am the initiator 
or responder? IP address? Lower SPI? Anyway, if there is a way, I can dumb-up a 
few more keys for directionality?

Comments?

