[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf_key comments



I thought people were generating the IV once at the initialization of the
S-A but I realize that could be wrong.

The scheme still applies for generating the random seed for an IV, though,
doesn't it?

At 12:03 PM 1/3/97 -0500, you wrote:
>
>Rodney Thayer writes:
>> I am looking into implementing PF_KEY and I have some comments on this too:
>> 
>> 1. I like the idea of sending the IV down from an application.  I think
>> that an application is a reasonable place to do the random number
>> generation because 
>
>Its completely unreasonable to send the IV from the application. Since
>IVs have to be sent on every packet, that would mean you would need to
>do a PF_KEY operation on every packet. This is not going to be
>feasable.
>
>Perry
>
>

               Rodney Thayer <rodney@sabletech.com>       +1 617 332 7292
               Sable Technology Corp, 246 Walnut St., Newton MA 02160 USA
               Fax: +1 617 332 7970           http://www.shore.net/~sable
                           "Developers of communications software"



Follow-Ups: