[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fwd: Re: Calling the question: derived vs. explicit IV]
- To: ipsec@tis.com
- Subject: [Fwd: Re: Calling the question: derived vs. explicit IV]
- From: "Scott G. Kelly" <scott@fet.com>
- Date: Fri, 08 Aug 1997 11:14:37 -0700
- Organization: Furukawa Electric Technologies, Inc.
- Sender: owner-ipsec@ex.tis.com
Scott G. Kelly wrote:
>
> Robert Moskowitz wrote:
>
> <snip...>
>
> > >> "DOI" is an ISAKMP term.
> > >
> > >Agreed. I should never have said it was an 'IPsec term'. What I should
> > >have said it this: even though DOI is rightly occurs in the ISAKMP
> > >context, it refers to SA's, i.e. 'domain of interpretation' w.r.t. the
> > >SA begin defined. Hence, DOI is not irrelevant to manual SA
> > >configuration.
> >
> > The ISAKMP/Oakley DOI for IPsec is irrelevant wrt to manual SA
> > configuration. It least in my reading of it.
> >
>
> I'm becoming more confused now. The 'ISAKMP/Oakley DOI for IPsec'? The
> only DOI I am currently aware of is the IP DOI for ISAKMP. Here's the
> relevant text from draft-ietf-ipsec-ipsec-doi-02.txt:
>
> Within ISAKMP, a Domain of Interpretation is used to group related
> protocols using ISAKMP to negotiate security associations. Security
> protocols sharing a DOI choose security protocol and cryptographic
> transforms from a common namespace and share key exchange protocol
>
> As Ran correctly pointed out (I think), DOI is an ISAKMP term. As I've
> said in earlier posts, my bandwidth is limited; I haven't read all the
> drafts, and I don't remember all the details in the ones I have read.
> Are there drafts I should read which would straighten out my
> misconceptions here?
>
> Thanks,
>
> Scott