[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Son-of-IKE Selection Criteria?

To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Subject: Re: Son-of-IKE Selection Criteria?
From: Derek Atkins <warlord@mit.edu>
Date: 05 Dec 2001 15:32:40 -0500
Cc: "'Walker, Jesse'" <jesse.walker@intel.com>, ipsec@lists.tislabs.com
In-Reply-To: "Hallam-Baker, Phillip"'s message of "Mon, 3 Dec 2001 11:19:26 -0800"
References: <2F3EC696EAEED311BB2D009027C3F4F4058698B0@vhqpostal.verisign.com>
Sender: owner-ipsec@lists.tislabs.com

Phill,

"Hallam-Baker, Phillip" <pbaker@verisign.com> writes:

> 1. Issue every device an IP identity credential bound to its IP address.
> 	This is the ONLY form of identity that can provably prevent any 
> 	additional disclosure of identity in an IP environment since your
> 	IP address is known in any case.
> 
> 2. Perform two sequential key agreements, ]
> 	first an IP address based agreement
> 	second an identity based agreement encrypted under the key of (1).
> 

How would you cope with machines with dynamic IP address?

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

References:

RE: Son-of-IKE Selection Criteria?

From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

Prev by Date: Please save the pre-shared key mode
Next by Date: Re: Comments on IKEv2
Prev by thread: RE: Son-of-IKE Selection Criteria?
Next by thread: Re: Son-of-IKE Selection Criteria?
Index(es):
- Main
- Thread