[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IKE must have no Heirs
- To: "'Stephen Kent'" <kent@bbn.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>
- Subject: RE: IKE must have no Heirs
- From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
- Date: Wed, 15 Aug 2001 08:20:13 -0700
- Cc: "'Dan Harkins'" <dharkins@lounge.org>, Alex Alten <Alten@home.com>, Kory Hamzeh <kory@avatar.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>, "'mcnelson@mindspring.com'" <mcnelson@mindspring.com>, ipsec@lists.tislabs.com
- Sender: owner-ipsec@lists.tislabs.com
> SKIP was a poor choice for any long-lived SA, because SKIP forced
> every packet to carry SA state information in lieu of exchanging SA
> establishment messages.
I see no reason why that specific problem could not have been fixed.
If you have a securely established shared secret that is securely bound
to a shared context there should be no per packet state requirement.
Phill
Phillip
Follow-Ups: