
Re: Calling the question: derived vs. explicit IV



Theodore Y. Ts'o wrote:

> I think there's a major misunderstanding about what the term DOI means.
> A particular DOI defines the messages and exchanges used in the ISAKMP
> protocol.  As such, if you're not using ISAKMP, you can't be using "DOI"
> in the ISAKMP context.
> 
> I think you're trying to talk about something completely different;
> perhaps it would be helpful if you could precisely define the term which
> you're trying to use?  We can then either come up with the proper term,
> or if one doesn't exist, we can invent one.  :-)
> 
           
Yes, perhaps this is correct. In terms of my references to DOI w.r.t. SA
configuration (manual or otherwise) I'm thinking of the interpretation
constraints which shape the format and content of security policy
database entries. 

My current design for manual SA configuration utilizes an SPD (I didn't
call it that before reading the recent [IPSEC-ARCH] posting), and in
preparing the design I am allowing for future SA configuration which
might provide security over different network layers, or might use
different (perhaps as yet unimagined) security schemes.

I have been using the term 'DOI' to distinguish between these different
entry types, i.e. the domain-of-interpretation is the selector for the
format/content interpretation. I've just been looking at the DOI
document, and see where this (that is, my) interpretation is confused.

My apologies for any confusion I've caused...

Scott

