[IPsec] Re: Are there any issues of reusing IPsec key for generating Authentication Code?

2024-07-10 Thread Paul Wouters
On Tue, 9 Jul 2024, Linda Dunbar wrote: 1. The IPsec tunnel itself provides a secure channel for transmitting the authentication keys. This ensures that the keys are protected from eavesdropping or tampering during distribution. 2. Reuse the existing IPsec keys as input to a key derivatio

[IPsec] Re: Are there any issues of reusing IPsec key for generating Authentication Code?

2024-07-10 Thread Linda Dunbar
Paul, Thank you very much for the comment. Is it acceptable to use the existing IPsec keys as input to a key derivation function (KDF)? The KDF generates unique authentication keys that are cryptographically linked to the IPsec keys but not directly exposed. Linda -Original Message

[IPsec] Re: Are there any issues of reusing IPsec key for generating Authentication Code?

2024-07-10 Thread Scott Fluhrer (sfluhrer)
Might I ask "what problem are you attempting to solve"? While what you're suggesting *might* be safe, I can't help but feel that there's a cleaner solution out there... > -Original Message- > From: Linda Dunbar > Sent: Wednesday, July 10, 2024 5:35 PM > To: Paul Wouters > Cc: ipsec@iet

[IPsec] Re: Are there any issues of reusing IPsec key for generating Authentication Code?

2024-07-10 Thread Linda Dunbar
Scott, Our draft (https://datatracker.ietf.org/doc/draft-dunbar-secdispatch-ligthtweight-authenticate/) describes lightweight authentication methods to prevent malicious actors from tampering with IP encapsulation headers or the metadata carried by the UDP Option Header. The IP encapsulation

[IPsec] request for a presentation slot at IETF 120 IPsecme WG session

2024-07-10 Thread Linda Dunbar
Tero and Yoav, Could we have a 10-minute slot at the IETF120 IPsecME session to present https://datatracker.ietf.org/doc/draft-dunbar-secdispatch-ligthtweight-authenticate/ ? The discussion on the mailing list has convinced us of the benefits of describing the background and the proposed mech

[IPsec] FW: I-D Action: draft-ietf-ipsecme-ikev2-sa-ts-payloads-opt-03.txt

2024-07-10 Thread Panwei (William)
Hi folks, This version addresses the comments raised by Valery (Thank you again for your review~). Any comments are more than welcome. Regards & Thanks! Wei PAN (潘伟) -Original Message- From: internet-dra...@ietf.org Sent: Monday, July 8, 2024 7:50 PM To: i-d-annou...@ietf.org Cc: ipsec