Re: SKIP and IPSec

From: Valerie Anne Bubb (Valerie.Bubb@Sun.COM)
Date: 01/15/02


Date: Tue, 15 Jan 2002 09:32:45 -0800 (PST)
From: Valerie Anne Bubb <Valerie.Bubb@Sun.COM>
To: focus-sun@securityfocus.com, adam@gmi.com


>Date: Tue, 8 Jan 2002 22:18:11 -0800
>From: adam morley <adam@gmi.com>
>To: focus-sun@securityfocus.com
>
>If memory serves me, when using skip under solaris, the actual encryption keys
>for encrypting the data on the wire are only used for a given period of time,
>then remade. is this also true for IPSec? ie: does IPSec encrypt the data on
>the wire with a rotating key, or does it use the ones specfied in
>/etc/inet/ipseckeyfile.

Adam -

No, IPsec in Solaris 8 (manual keying only) does not encrypt
using a rotating key, but rather the keys specified by you.

IKE (not available in Solaris 8) should take care of this.

Valerie

--
valerie.bubb@sun.com
bubb@bubb.org