NewPacketFormat assumes that we can generate as many keys as we want from JFK
securely. Is this true? JFK uses an HMAC with 0, 1, or 2, to generate the
session key or the 2 internal keys it uses, but does not explicitly document
the option to generate more keys by incrementing that number - and it refers
to IKE key extension if you need more bits (it does *not* say increment the
number and stick them together, as you might expect). Is it safe to do what
we have planned, to get separate keys for each direction and in
NewPacketFormat for the IV key and HMAC key?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20080205/55852608/attachment.pgp>
