
Re: Questions about PFS and ISAKMP SAs





>>>>> "Michael" == Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:
    Michael>   In the absence of PFS for IPsec, we would use up the
    Michael> entropy of the original ISAKMP SA's DH pair. Since we use

  ^at which point, having used all the entropy in the original ISAKMP
DH pair, we might simply do phase I again to get a new DH pair. This
is not required; we could simply do a phase II exchange of a new group.

]       ON HUMILITY: to err is human. To moo, bovine.           |  SSH IPsec  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |international[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
