
Re: notes from developer's portion of IETF meeting



Hilarie,

that might be a fine implementation detail.  I'll spare everyone my
opinion on that.  However, the only point that was decided upon in the
meeting is the onus of specifying the details for generating keys, IVs,
etc...

If the working group wishes to work on an API or ABI for ISAKMP and/or
IPSEC (such as PF_KEY) then issues such as what you mention will need to
be decided upon.

Dave

Hilarie Orman wrote:
> 
> Wouldn't it be easiest to have the transforms present a callback
> routine for key generation?  The routine would take a variable
> precision integer as input (length >= requested entropy) and produce a
> list of bitstrings as output.
> 
> >   slice and dice
> ...
> >          All transforms MUST specify a number of keying bits
> >                  required and how to generate keys, IVs, etc from that
> >                  (# keying bits requested equals the # bits of entropy)
> 
> Hilarie
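
One way the callback interface discussed above could look in C, as an added example that is not part of the original messages. The descriptor layout, all names, and the EXAMPLE-CBC transform (128-bit key followed by a 64-bit IV) are hypothetical, and the variable-precision integer is modelled as a byte buffer with a bit length.

```c
#include <stddef.h>
#include <string.h>

/* One output bitstring (key, IV, ...) produced by a transform's callback. */
struct bitstring { unsigned char bytes[32]; size_t nbits; };

/* Hypothetical transform descriptor: the transform states how many keying
 * bits it needs and supplies the routine that turns them into keys/IVs. */
struct transform {
    const char *name;
    size_t keying_bits;  /* bits requested == bits of entropy */
    /* Returns the number of bitstrings written to out, or -1 on error. */
    int (*keygen)(const unsigned char *km, size_t km_bits,
                  struct bitstring *out, size_t out_max);
};

/* Constructed transform: slices the keying material into a 128-bit key
 * followed by a 64-bit IV. */
static int example_cbc_keygen(const unsigned char *km, size_t km_bits,
                              struct bitstring *out, size_t out_max)
{
    if (km == NULL || out == NULL || out_max < 2 || km_bits < 192)
        return -1;  /* too little keying material or no room: refuse */
    memset(out, 0, 2 * sizeof *out);
    memcpy(out[0].bytes, km, 16);
    out[0].nbits = 128;  /* cipher key */
    memcpy(out[1].bytes, km + 16, 8);
    out[1].nbits = 64;   /* IV */
    return 2;
}

const struct transform example_cbc = { "EXAMPLE-CBC", 192, example_cbc_keygen };

/* Key-management side: check that the input length is >= the requested
 * entropy, then let the transform do its own slicing. */
int derive_for_transform(const struct transform *t,
                         const unsigned char *km, size_t km_bits,
                         struct bitstring *out, size_t out_max)
{
    if (t == NULL || t->keygen == NULL || km_bits < t->keying_bits)
        return -1;
    return t->keygen(km, km_bits, out, out_max);
}
```

The key-management code never needs to know how a given transform lays out its keys and IVs; it only compares the available keying bits against `keying_bits` and calls the callback.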



