[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key Material

To: Naganand Doraswamy <naganand@ftp.com>
Subject: Re: Key Material
From: Daniel Harkins <dharkins@cisco.com>
Date: Thu, 16 Jan 1997 13:50:07 -0800
Cc: isakmp-oakley@cisco.com, ipsec@tis.com
In-Reply-To: Your message of "Wed, 15 Jan 1997 16:53:50 EST." <9701152153.AA01140@ftp.com>
Sender: owner-ipsec@ex.tis.com

> When we negotiate Key Material using Oakley QM, we could negotiate for both
> ESP and AH using two proposals under the same SA payload. The keying
> material we come up with is the same as they are not in separate SA payload.
> Once we come with a keying material, we dont say how the proposals will use
> them for generating keys. 

  Good point. The solution to this problem also convieniently solves another
problem: how to force the 2 SA's that result from a single SA negotiation
(one inbound, one outbound) to have different keys.

  The solution is to hash the SPI into KEYMAT using the negotiated hash 
function. This will be noted in the next version of the draft.

  regards,

    Dan.

References:

Key Material

From: Naganand Doraswamy <naganand@ftp.com>

Prev by Date: IPsec WG Last Call over
Next by Date: Inconsistencies between values and field size
Prev by thread: Re: Key Material
Next by thread: SA payloads and Next payload
Index(es):
- Main
- Thread