Re: draft-ietf-ipsec-des-md5-00.txt

[Hilarie Orman <ho@cs.arizona.edu>]

Here's my view.  Oakley doesn't set IPSEC SPI keys per se --- ISAKMP
does this.  And ISAKMP will need to define how it derives each SPI key
from the Oakley keying material.  Prepending a counter to the keying
material and hashing would seem the obvious answer ... a "0" for one
direction, "1" for the other, higher numbers for deriving keys for a
"block of SPIs".

---

References:

• Re: draft-ietf-ipsec-des-md5-00.txt
• From: Jim Hughes <hughes@hughes.network.com>

---

• Prev by Date: Re: draft-ietf-ipsec-des-md5-00.txt
• Next by Date: Re: draft-ietf-ipsec-des-md5-00.txt
• Prev by thread: Re: draft-ietf-ipsec-des-md5-00.txt
• Next by thread: Re: draft-ietf-ipsec-des-md5-00.txt
• Index(es):
  • Main
  • Thread