<[email protected]> writes: > I wonder if this should be worded more generically. This is really > about an external key agreement mechanism. QKD is one such mechanism, > but it isn’t clear to me that the machinery depends on this. > Suppose, for example, that you distributed copies of one-time pad > CDROMs to both locations, and used the key ID as offset in the > one-time-pad data. This is a completely different key agreement > scheme but it would seem to fit just as well. The important point is > that there is an external source of key material, which has the > (assumed) property that the key material is known to the two endpoints > of the IKE exchange, and to no other parties.
I agree that just having an external keying material abstraction makes sense. In particular, thinking about it in a larger context is likely to force clarity on issues of how external keying material is named and numbered, and how to deal with the possibility that bits which should match might not. There are multiple ways to use external material: as OTP, directly as symmettric keys and by including it in the phase 2 hash. We implemented the first and third of these around 2002, and what's been published about that system is at http://dx.doi.org/10.1145/863955.863982
pgpjaURkB16GA.pgp
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
