
Status of IPSEC Key Management



Ref:  Your note of Mon, 9 Sep 1996 13:55:42 -0400 (attached)

 >         Note that my message was not intended as an endorsement of SKIP.
 > Neither of the examples I gave of work we were doing used SKIP exactly.
 > Instead, we used the underlying concept of SKIP in a particular context,
 > without making use of the SKIP header.  So, my point in sending the message
 > was to raise an issue in terms of what functionality the WG believes it
 > needs in a key management protocol for IPSEC.  One possible answer is that

Steve, can you point out what functionality of SKIP you are
referring to: is that the in-line keying or is it the 0-round
key agreement based on DH-certificates?
These two aspects are not necessarily bound together.
For example, you can use in-line keying based on a key-encrypting-key derived
in some other way (Oakley, for example), or you can use DH-certificates
as the basis for a hand-shake to derive fresh keys.

Also, when you say SKIP, do you mean plain SKIP or SKIP with PFS?

I believe a clarification here will be useful.

Thanks,

Hugo