
Manual keying and replay prevention and ISAKMP negotiation



Does it make sense to talk about automatic negotiation of manual keying?
The DOI has parameters for the manual case.  Are people expecting that an
ISAKMP implementation would potentially somehow decide to negotiate manual
keying?  Isn't the DOI only relevant to the ISAKMP (i.e. automatic key
negotiation) schemes?

>Date: Fri, 4 Apr 1997 11:48:15 -0500
>From: Norman Shulman <norm@border.com>
>X-Sender: norm@rafael.rnd.border.com
>To: ipsec@tis.com
>Subject: Manual keying and replay prevention
>Sender: owner-ipsec@ex.tis.com
>
>The new auth and esp drafts contain the following identical wording:
>
>4. Conformance Requirements
>
>   Note that support for
>   manual key distribution is required, but its use is inconsistent with
>   the anti-replay service, and thus a compliant implementation must not
>   negotiate this service in conjunction with SAs that are manually
>   keyed.  
>
>Why not?
>
>Thanks.
>
>Norm
>
>                   Norman Shulman      Secure Computing Canada
>     	        Systems Developer      Tel 1 416 813 2075
>                  norm@border.com      Fax 1 416 813 2001
>
>
>

--------
Rodney Thayer <rodney@sabletech.com>
PGP: BB1B6428 409129AC  076B9DE1 4C250DD8

