[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-ietf-ipsec-des-md5-00.txt
pau@watson.ibm.com wrote:
>
> Hi, this msg is a response to David's, Bill's and James's msgs.
>
> I do agree using uni-directional keys is a better solution. It is also
> easy to do, as David pointed out in his msg. In fact, we have been using
> it for a while in our lab and (soon to be) in our product.
I was trying to avoid the product label, but NSC has product experiance with
asymetric keys.
> My problem is that I don't see uni-directional keys being made mandatory
> in RFC1825, ISAKMP draft 4 nor Oakley draft. I may have misread them.
> If any body sees it, please kindly point it to me.
I can add this to the esp, just like dumbing the keys up was.
After thinking aobut it, I just need something, anything to break a tie for
picking a forward and a reverse direction. A flag as to if I am the initiator
or responder? IP address? Lower SPI? Anyway, if there is a way, I can dumb-up a
few more keys for directionality?
Comments?
References: