On Tue, 9 Jul 2024, Linda Dunbar wrote:

 1. The IPsec tunnel itself provides a secure channel for transmitting the
    authentication keys. This ensures that the keys are protected from
    eavesdropping or tampering during distribution.
 2. Reuse the existing IPsec keys as input to a key derivation function (KDF).
    The KDF generates unique authentication keys that are cryptographically
    linked to the IPsec keys but not directly exposed. This adds a layer of
    protection, even if the IPsec keys are compromised.

Re-using keys for different purposes is not recommended on principle. Some
certifications (e.g. FIPS) also forbid dual use of the same key(pair).

Paul

_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org
