
Re: Calling the question: derived vs. explicit IV



Ran Atkinson wrote:
> 
> --- On Thu, 07 Aug 1997 16:03:35 -0700  "Scott G. Kelly" <scott@fet.com> wrote:
> 
> > This is an aside to your discussion: why doesn't DOI refer to manual SA
> > configuration and keying?
> 
> While the data elements within the IPsec DOI might well exist in manually
> configured IPsec SAs, the IPsec DOI is a component of the ISAKMP protocol.

This is a follow-up to my last post to clarify a few things. Also, I
apologize for any confusion caused by the various typos - I'll proofread
this and any further posts *before* posting.

Additional clarifications:

I'm saying DOI may apply to manually configured SAs. This follows from
two assumptions: (1) Manually configured SAs will continue to be useful
even after someone has implemented ISAKMP, i.e. ISAKMP overhead is not
justifiable in all configurations, and even when ISAKMP implementations
proliferate, there will still be manual SA configuration. (2) A system
employing manual SA configuration may require the capability to
simultaneously utilize SAs in separate DOIs. In that case, the SPD
entries will have different formats/contents. Hence, DOI applies to
manual configuration of SAs.

Scott

