
Re: Notes about identifier - locator separator



Ran;

> > For a receiver to retrieve an appropriate cryptographic key or
> > a communication context for a packet, a long lasting ID in clear
> > text, as an index to the long lasting database of key or context,
> > must be carried by the packet.
> 
> SPIs in ESP/AH are examples of IDs contained in a packet used
> as an index to the Security Association state.  SPIs are not
> normally long-lasting -- typically only valid for the lifetime
> of the SA (plus epsilon).  Any sane key management strategy
> involves changing *session* keys *at least* every 24 hours,
> even for very strong cryptographic algorithms.

We are talking about host identity.

ESP/AH use IP addresses, which identify hosts, and SPIs.

						Masataka Ohta
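As an added illustration of the lookup both messages describe (an SPI carried in clear text in the ESP header, used together with the destination address to select Security Association state, with the SA and its key valid only for a bounded lifetime), here is a small Python model. It is example code written for this page, not code from either correspondent or from any IPsec implementation; the `SecurityAssociationDatabase` class, the status strings and the sample packets are all constructed for the demonstration.

```python
import struct

# ESP header as carried on the wire: 32-bit SPI, then 32-bit sequence number.
ESP_HEADER = struct.Struct("!II")


class SecurityAssociation:
    """State selected by (destination address, SPI): key, lifetime, replay window."""

    def __init__(self, spi, dst, key, created, lifetime_seconds):
        self.spi = spi
        self.dst = dst
        self.key = key                  # session key; rotated when the SA is rekeyed
        self.created = created
        self.lifetime_seconds = lifetime_seconds
        self.highest_seq = 0            # simplified anti-replay: strictly increasing seq

    def expired(self, now):
        return now - self.created >= self.lifetime_seconds


class SecurityAssociationDatabase:
    """Constructed SAD: the SPI is only meaningful relative to the destination."""

    def __init__(self):
        self._table = {}

    def add(self, sa):
        self._table[(sa.dst, sa.spi)] = sa

    def lookup(self, dst, spi, now):
        sa = self._table.get((dst, spi))
        if sa is None:
            return None, "no-sa"        # unknown SPI: packet cannot be associated with a key
        if sa.expired(now):
            return None, "expired"      # lifetime passed: SA must be renegotiated, not reused
        return sa, "ok"


def parse_esp_header(packet):
    """Return (spi, seq) from the first eight bytes of an ESP packet."""
    if len(packet) < ESP_HEADER.size:
        raise ValueError("truncated ESP header")
    return ESP_HEADER.unpack_from(packet, 0)


def receive(sad, dst, packet, now):
    """Receiver-side selection of SA state by the SPI carried in the packet."""
    spi, seq = parse_esp_header(packet)
    sa, status = sad.lookup(dst, spi, now)
    if sa is None:
        return status
    if seq <= sa.highest_seq:
        return "replay"                 # sequence number already seen under this SA
    sa.highest_seq = seq
    return "accepted"                   # caller would now verify/decrypt with sa.key


def demo():
    """Constructed scenario: one 24-hour SA, four packets at different times."""
    sad = SecurityAssociationDatabase()
    sad.add(SecurityAssociation(spi=0x1000, dst="10.0.0.2", key=b"constructed-key",
                                created=0, lifetime_seconds=24 * 3600))
    first = ESP_HEADER.pack(0x1000, 1) + b"ciphertext"
    replayed = first
    later = ESP_HEADER.pack(0x1000, 2) + b"ciphertext"
    unknown = ESP_HEADER.pack(0x2000, 1) + b"ciphertext"
    return [
        receive(sad, "10.0.0.2", first, now=100),        # accepted
        receive(sad, "10.0.0.2", replayed, now=101),     # replay
        receive(sad, "10.0.0.2", later, now=90_000),     # expired (past 86400 s)
        receive(sad, "10.0.0.2", unknown, now=100),      # no-sa
    ]


if __name__ == "__main__":
    print(demo())
```

The lookup key is the pair (destination address, SPI): the SPI alone carries no host identity, it only indexes the short-lived association negotiated between two addresses, which is the point of contention in the exchange above.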