[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKE must have no Heirs

To: "'Stephen Kent'" <kent@bbn.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>
Subject: RE: IKE must have no Heirs
From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Date: Wed, 15 Aug 2001 08:20:13 -0700
Cc: "'Dan Harkins'" <dharkins@lounge.org>, Alex Alten <Alten@home.com>, Kory Hamzeh <kory@avatar.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>, "'mcnelson@mindspring.com'" <mcnelson@mindspring.com>, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

> SKIP was a poor choice for any long-lived SA, because SKIP forced 
> every packet to carry SA state information in lieu of exchanging SA 
> establishment messages.

I see no reason why that specific problem could not have been fixed.
If you have a securely established shared secret that is securely bound
to a shared context there should be no per packet state requirement.


		Phill

Phillip

Follow-Ups:

RE: IKE must have no Heirs

From: Stephen Kent <kent@bbn.com>

Prev by Date: XKMS and NIH RE: Simplifying IKE
Next by Date: Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems
Prev by thread: RE: IKE must have no Heirs
Next by thread: RE: IKE must have no Heirs
Index(es):
- Main
- Thread