
Re: IKE key question





"George Hadjichristofi" <ghadjich@vt.edu> wrote on 07/09/2003 07:35:37 PM:
> Hi,
>
> I have a few questions with regards to the usage of keys.
>
> After an IKE negotiation, what key is used to encrypt data between two
> communicating entities?
>
> Is it the SKEYID_e key derived during the IKE negotiation or is it the
> shared/public key?

SKEYID_e is used to encrypt subsequent data that is encoded using IKE.
Data encoded using ESP is encrypted using a key derived from SKEYID_d and
data from the quick mode exchange. The long term shared/public keys are
only used with a small amount of data at the beginning of the IKE
negotiation.

        --Charlie Kaufman
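
The key hierarchy described in the reply above, written out following the IKEv1 derivations in RFC 2409 (an added example, not part of the original message). It assumes pre-shared-key authentication and HMAC-SHA1 as the negotiated prf; every nonce, cookie, SPI and Diffie-Hellman value is constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated prf is HMAC-SHA1 (20-byte output).
    return hmac.new(key, data, hashlib.sha1).digest()

def phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """Return (SKEYID_d, SKEYID_a, SKEYID_e) for pre-shared-key auth."""
    # The long-term secret is used only here, mixed with the phase 1 nonces.
    skeyid = prf(psk, ni + nr)
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")             # derives non-IKE keys
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # authenticates IKE messages
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # encrypts IKE messages
    return skeyid_d, skeyid_a, skeyid_e

def esp_keymat(skeyid_d, protocol, spi, ni_qm, nr_qm, length, g_qm_xy=b""):
    """KEYMAT for one SA: prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b).

    Output is extended by feeding each block back in (K1, K2, ...).
    g_qm_xy is present only when quick mode uses PFS.
    """
    seed = g_qm_xy + bytes([protocol]) + spi + ni_qm + nr_qm
    out, block = b"", b""
    while len(out) < length:
        block = prf(skeyid_d, block + seed)
        out += block
    return out[:length]

# Constructed sample values (not taken from any real exchange).
PSK = b"example-pre-shared-key"
NI, NR = bytes(range(16)), bytes(range(16, 32))          # phase 1 nonces
G_XY = hashlib.sha256(b"constructed DH secret").digest()  # stand-in for g^xy
CKY_I, CKY_R = b"\x11" * 8, b"\x22" * 8                   # ISAKMP cookies
NI_QM, NR_QM = b"\xaa" * 16, b"\xbb" * 16                 # quick mode nonces
PROTO_ESP = 3                                             # IPsec DOI protocol ID
SPI_IN, SPI_OUT = b"\x00\x00\x10\x01", b"\x00\x00\x20\x02"

if __name__ == "__main__":
    d, a, e = phase1_keys(PSK, NI, NR, G_XY, CKY_I, CKY_R)
    print("SKEYID_e (IKE traffic):", e.hex())
    for name, spi in (("inbound", SPI_IN), ("outbound", SPI_OUT)):
        km = esp_keymat(d, PROTO_ESP, spi, NI_QM, NR_QM, 36)
        print(f"ESP KEYMAT {name}:", km.hex())
```

Because the SPI is an input, each direction of the ESP SA pair gets different keying material from the same SKEYID_d. Expanding SKEYID_e to the IKE cipher's key length is omitted here.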