Kings, As far as I know the TEK and KEK are generated by the KS using random number generators. SKEYID_e is used for encryption of GDOI messages. Then for Rekey, the KEK is used.
Regards, Piotr 2011/1/25 Kingsley Charles <[email protected]> > Hi all > > A question which is totally out of the CCIE's scope but if any one has > inputs, please provide. > > As you all know that GDOI messages are protected by ISAKMP Phase 1. > > The ISAKMP Phase 1 generates the following: > > SKEYID_a which authenticates the ISAKMP Phase 1 messages > SKEYID_e which encrypts the ISAKMP Phase 1 messages > SKEYID_d which is used to derive the keying materials for IPSec > > GDOI uses two keys TEK and KEK. > > Is SKEYID_e used to derice the keying material for KEK and TEK? > > > Please don't ask me to refer RFC 3547, I went through it :-) > > With regards > Kings > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
