RE: unable to get GET !!plz help

the PUB key of the key server is used to identify the server to the group
members during rekey

KEK is used between the GM's and the Key server. Comparable to ISAKMP Phase
1

TEK, comparable to Phase 2, is sent to the GM's from the KS's to keep the
proxy identities consistent thus maintaining an accurate encryption domain.

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
ehtesham ali
Sent: Wednesday, November 17, 2010 7:29 PM
To: ccielab_at_groupstudy.com
Subject: Re: unable to get GET !!plz help

kindly note that i m not using any certificates for isakmp tunnel . ie my
isakmp tunnel is only based on pre shared key .

On Thu, Nov 18, 2010 at 5:51 AM, ehtesham ali
<conect2ehtesham_at_gmail.com>wrote:

> hi group , really confused with different keys used in GET vpn
>
> my understanding ,
> * initial protection is provided by isakmp tunnel where gm's download kek
,
> tek and acl.
>
> *now when gm talk to another gm he will use tek which is common for all .
> sounds like symmetric key.
>
> * isakmp vanishes , tek key refreshment timer expires , now the next tek
is
> encrypted with kek and pushed by key server.
>
> questions ?
>
> where i m confused : when will the ks , gm's used RSA private and public
> keys ???
>
> is it that ks uses gm's public keys to send new tec ???
>
> As tec is refreshed periodically by encrypting it with kek. does that mean
> kek remains same ie constant as downloaded from ks and ONLY TEC CHANGES
> .?
>
> ---> kindly tell me the application of private and pulic keys in gdoi
> environment
>
> thanks in advanced

Blogs and organic groups at http://www.ccie.net
Received on Wed Nov 17 2010 - 21:23:56 ART