[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The remaining IKEv2 issues

To: Uri Blumenthal <uri@lucent.com>
Subject: Re: The remaining IKEv2 issues
From: Stephen Kent <kent@bbn.com>
Date: Wed, 27 Aug 2003 14:51:44 -0400
Cc: Yoav Nir <ynir@CheckPoint.com>, ipsec@lists.tislabs.com
In-Reply-To: <3F4CF5C2.7070704@lucent.com>
References: <11F4181E-D605-11D7-8A52-000A95834BAA@checkpoint.com><3F4CF5C2.7070704@lucent.com>
Sender: owner-ipsec@lists.tislabs.com

At 14:17 -0400 8/27/03, Uri Blumenthal wrote:
>On 8/24/2003 3:32 AM, Yoav Nir wrote:
>>  Hi Uri,
>
>Hi, and thanks for your response.
>
>>  Re: not using kg methods.  SecurID belongs to a certain vendor, and
>>  they can create a kg method that suits them.  In fact, they have, but
>>  they won't publish the spec, so I can't implement it.
>
>Yes, but what I had in mind is - at the very worst we can mix the
>data from the exchange into the key generation mechanism input.
>
>Would it not make sense?

We have managed to cleanly separate the key generation function from 
the authentication function in IKE v2 and I think it would be 
preferable to keep them separate.

Steve

Follow-Ups:
- Re: The remaining IKEv2 issues
  - From: Uri Blumenthal <uri@lucent.com>

References:
- Re: The remaining IKEv2 issues
  - From: Yoav Nir <ynir@CheckPoint.com>
- Re: The remaining IKEv2 issues
  - From: Uri Blumenthal <uri@lucent.com>

Prev by Date: Re: IKEv2 SA rekeying - naming an initial SA
Next by Date: Re: IKEv2 SA rekeying - naming an initial SA
Prev by thread: Re: The remaining IKEv2 issues
Next by thread: Re: The remaining IKEv2 issues
Index(es):
- Date
- Thread