[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Generating Keying Material

To: <ipsec@lists.tislabs.com>
Subject: Generating Keying Material
From: "David Faucher" <dfaucher@lucent.com>
Date: Fri, 15 Nov 2002 13:54:28 -0600
Sender: owner-ipsec@lists.tislabs.com

Section 4.3 of draft-ietf-ipsec-ikev2-03.txt states

   "Keying material will always be derived as the output of the
   negotiated prf algorithm. If the amount of keying material is greater
   than the size of the output of the prf algorithm, we will use the prf
   iteratively..."

Rather than having two methods for generating key material (based on the
size of key material needed vs. the size of the prf output), wouldn't it 
easier to have prf+ generate a pseudo-random stream from which all key 
material is taken?

Keeps it simple and straight forward.

David

Follow-Ups:
- Re: Generating Keying Material
  - From: Uri Blumenthal <uri@lucent.com>
- Re: Generating Keying Material
  - From: Charlie_Kaufman@notesdev.ibm.com

Prev by Date: Re: draft-ietf-ipsec-pki-profile-01.txt
Next by Date: Traffic Selectors
Prev by thread: Re: support for v1 certificates?
Next by thread: Re: Generating Keying Material
Index(es):
- Date
- Thread