
Re: Calling the question: derived vs. explicit IV



At 08:35 AM 8/8/97 -0700, Scott G. Kelly wrote:
>
>Not trying to be quarrelsome, just trying to understand: DOI *does*
>apply to manually configured SA's, right? I mean, it's reasonable to say
>that someone might someday manually configure concurrent SA's which
>apply to different DOI's, right?

Let's see here.  At about 17,500' level, SAs drive the
encryption/authentication algorithms and are one of the by-products of a
KMP.  The KMP might be two people on keyboards and phones (i.e. manual).

There have been 4 KMPs discussed in this workgroup:

Manual
Photuris
SKIP
ISAKMP/Oakley

A KMP that can be used for things other than just IPsec SHOULD have a DOI.
ISAKMP/Oakley does.  I suppose that someone could write a DOI for manual.

>> "DOI" is an ISAKMP term.
>
>Agreed. I should never have said it was an 'IPsec term'. What I should
>have said is this: even though DOI rightly occurs in the ISAKMP
>context, it refers to SA's, i.e. 'domain of interpretation' w.r.t. the
>SA being defined. Hence, DOI is not irrelevant to manual SA
>configuration.

The ISAKMP/Oakley DOI for IPsec is irrelevant wrt manual SA
configuration.  At least in my reading of it.


Robert Moskowitz
Chrysler Corporation
(810) 758-8212

