1 - 2 - 3 - 4 - 6 - 8 - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - Q - R - S - T - U - V - W - X
session
Click on the red underlined text to get to the source
...
Photuris [Firefly] establishes short-lived session-keys between two
parties, without passing the session-keys across the Internet ...
... Firefly] establishes short-lived session-keys between two
parties, without passing the session-keys across the Internet. These
session ...
... session-keys across the Internet. These
session-keys directly replace the long-lived secret-keys (such as
passwords ...
... algorithm and algorithm mode), the key(s)
(such as a session-key, secret-key, or appropriate
public/private key ...
... A number that indicates a particular set of uni-
directional attributes used under a Security
Association, such as transform(s) and session-
key(s). The number is relative to the IP
...
... parameters.
session-key A key that is independently derived from a shared-
secret by the parties, and used for keying one
direction of traffic ...
...
In addition, the shared-secret provides a basis to generate
separate session-keys in each direction, which are in turn used
for conventional authentication or encryption ...
... 4. Additional messages may be exchanged to periodically change the
session-keys, and to establish new or revised Security Parameters.
...
... values (one in each direction). Each SPI is used in creating
separate session-key(s) in each direction.
The SPI ...
... Exchange-Values are discovered to be unchanged, the previously
calculated shared-secret can be used to rapidly generate new
session-keys.
...
...
[make SPI session-keys in each direction]
The exchange of messages is ordered, although the formats and
...
... The Responder calculates the SPI session-keys in both directions.
At this time, the Responder ...
... The Initiator calculates the SPI session-keys in both directions.
At this time, the Initiator ...
... Session-Key Computation ...
...
Each SPI has one or more session-keys. These keys are generated
based on the attributes of the SPI. See the "Basic Attributes" for
...
... create
the SPI session-key for that particular attribute. This function is
calculated over the following concatenated values:
...
... direction, and the Verification field is also likely to be different
in each direction, the resulting session-key will usually be
different in each direction.
...
... The exact details of the Verification field and generation-keys
that are included in the session-key calculation are dependent on
the Identity-Choices, as described in the "Basic Attributes".
...
... encryption attributes are used for
the same SPI, there may be multiple session-keys associated with
the same SPI. These session ...
... session-keys associated with
the same SPI. These session-keys are generated in the order of
the Attribute-Choices list.
...
... Update is silently discarded.
The new session-keys are calculated in the same fashion as the
Identity_Messages. Since the SPI value ...
... SPI during the Exchange LifeTime of the shared-secret, the
resulting session-keys will necessarily be different from all others
used in the same direction.
...
... Exchange-Values based on private-secret values results in a mutual
shared-secret between the parties. This shared-secret can be used on
its own, or to generate a series of session-keys for authentication
and encryption ...
... This specification recommends that the exponent length be at least
twice the desired cryptographic strength of the longest session-key
needed by the strongest offered-attribute.
...
... + the computed shared-secret.
For "Session-Key Computation", the symmetric secret-key is used
directly as the generation-key.
...
... cryptographic strength.
As described in "Session-Key Computation", the most significant 384-
bits (48 bytes) of the Key-Generation-Function iterations are used
...
...
where the key is the SPI session-key.
The additional datafill protects against the (impractical) attack ...
... Verification values affect the calculation of SPI session-keys that
are highly likely to be different in each direction (see "Session-Key
...
... SPI session-keys that
are highly likely to be different in each direction (see "Session-Key
Computation").
...
...
Hilarie Orman suggested adding secret "nonces" to session-key
generation for asymmetric public/private-key identity methods ...