Status of IPSEC Key Management
Ref: Your note of Mon, 9 Sep 1996 13:55:42 -0400 (attached)
> Note that my message was not intended as an endorsement of SKIP.
> Neither of the examples I gave of work we were doing used SKIP exactly.
> Instead, we used the underlying concept of SKIP in a particular context,
> without making use of the SKIP header. So, my point in sending the message
> was to raise an issue in terms of what functionality the WG believes it
> needs in a key management protocol for IPSEC. One possible answer is that
Steve, can you point out what functionality of SKIP you are
referring to: is that the in-line keying or is it the 0-round
key agreement based on DH-certificates?
These two aspects are not necessarily bound together.
For example, you can use in-line keying based on a key-encrypting-key derived
in some other way (Oakley, for example), or you can use DH-certificates
as the basis for a hand-shake to derive fresh keys.
Also, when you say SKIP, do you mean plain SKIP or SKIP with PFS?
I believe a clarification here will be useful.
Thanks,
Hugo