
Re: Calling the question: derived vs. explicit IV



At 08:48 AM 8/8/97 -0700, Scott G. Kelly wrote:
>
>I'm saying DOI may apply to manually configured SA's. This follows from
>two assumptions: (1) Manually configured SA's will continue to be useful
>even after someone has implemented ISAKMP, i.e. ISAKMP overhead is not
>justifiable in all configurations, and even when ISAKMP implementations
>proliferate, there will still be manual SA configuration. (2) A system
>employing manual SA configuration may require the capability to
>simultaneously utilize SA's in separate DOI's. In that case, the SPD
>entries will have different formats/contents. Hence, DOI applies to
>manual configuration of SA's.

Ah ha!

IMHO, if you view that the KMP drives the security, then you may have to
look at things in this light.

But if the security REQUESTS action by the KMP, then this is unnecessary.
Some policy decides what KMP to use.  It could be, try ISAKMP/Oakley.  If
that doesn't work, try this manual key.


Robert Moskowitz
Chrysler Corporation
(810) 758-8212

