[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Generating Keying Material
Section 4.3 of draft-ietf-ipsec-ikev2-03.txt states
"Keying material will always be derived as the output of the
negotiated prf algorithm. If the amount of keying material is greater
than the size of the output of the prf algorithm, we will use the prf
iteratively..."
Rather than having two methods for generating key material (based on the
size of key material needed vs. the size of the prf output), wouldn't it
easier to have prf+ generate a pseudo-random stream from which all key
material is taken?
Keeps it simple and straight forward.
David