Keychain

A keychain is a set of up to 64 keys, where each key is {A[i], K[i], V[i], S[i], T[i], S'[i], T'[i]} as described in draft-bonica-tcp-auth-05.txt, Authentication for TCP-based Routing and Management Protocols. The keys can be assigned to both sides of an LDP peer. Each key in a keychain has a begin-time and an end-time that bound when that key may be used.

These fields map to the CLI tree as described in the following table.

Table: Keychain mapping

Field: i
Definition: The key identifier, expressed as an integer (0...63).
CLI:
    config>system>security>keychain>direction>bi>entry
    config>system>security>keychain>direction>uni>receive>entry
    config>system>security>keychain>direction>uni>send>entry

Field: A[i]
Definition: Authentication algorithm to use with key[i].
CLI:
    config>system>security>keychain>direction>bi>entry, algorithm parameter
    config>system>security>keychain>direction>uni>receive>entry, algorithm parameter
    config>system>security>keychain>direction>uni>send>entry, algorithm parameter

Field: K[i]
Definition: Shared secret to use with key[i].
CLI:
    config>system>security>keychain>direction>uni>receive>entry, shared secret parameter
    config>system>security>keychain>direction>uni>send>entry, shared secret parameter
    config>system>security>keychain>direction>bi>entry, shared secret parameter

Field: V[i]
Definition: A vector that determines whether key[i] is used to generate MACs for inbound segments, outbound segments, or both.
CLI:
    config>system>security>keychain>direction (bi, uni>send or uni>receive)

Field: S[i]
Definition: Start time from which key[i] can be used by sending TCPs.
CLI:
    config>system>security>keychain>direction>bi>entry>begin-time
    config>system>security>keychain>direction>uni>send>entry>begin-time

Field: T[i]
Definition: End time after which key[i] cannot be used by sending TCPs.
CLI:
    Not configured directly; inferred from the begin-time of the next key (youngest key rule).

Field: S'[i]
Definition: Start time from which key[i] can be used by receiving TCPs.
CLI:
    config>system>security>keychain>direction>bi>entry>begin-time
    config>system>security>keychain>direction>bi>entry>tolerance
    config>system>security>keychain>direction>uni>receive>entry>begin-time
    config>system>security>keychain>direction>uni>receive>entry>tolerance

Field: T'[i]
Definition: End time after which key[i] cannot be used by receiving TCPs.
CLI:
    config>system>security>keychain>direction>uni>receive>entry>end-time
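The following is an added worked example, not code from the original page or from the router software it documents. It models the key-selection semantics the table describes: the sender picks the key with the latest begin-time that is not in the future (youngest key rule, so T[i] is implied by the next key's begin-time), while the receiver accepts every key whose receive window, opened by begin-time and tolerance and closed by end-time, covers the current time. The algorithm names hmac-md5 and hmac-sha-1, the treatment of tolerance as accepting a key that far ahead of its begin-time, and the byte string used as the MAC input are assumptions of this model; the page does not spell out the tolerance arithmetic or the draft's exact MAC coverage.

```python
"""Model of keychain send/receive key selection for TCP segment authentication.

Added example; assumptions (not from the page): the algorithm names below,
tolerance widening the receive window ahead of begin-time, and MACing a plain
byte string instead of the draft's real header/option coverage.
"""
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed algorithm names for A[i]; the page only says "algorithm parameter".
ALGORITHMS = {"hmac-md5": hashlib.md5, "hmac-sha-1": hashlib.sha1}


@dataclass
class KeyEntry:
    key_id: int                           # i, 0...63
    algorithm: str                        # A[i]
    secret: bytes                         # K[i]
    direction: str                        # V[i]: "bi", "send" or "receive"
    begin: datetime                       # S[i] on send, base of S'[i] on receive
    end: Optional[datetime] = None        # T'[i]; None = no end-time configured
    tolerance: timedelta = timedelta(0)   # assumed: opens S'[i] this much early

    def __post_init__(self):
        if not 0 <= self.key_id <= 63:
            raise ValueError("key identifier must be 0...63")
        if self.algorithm not in ALGORITHMS:
            raise ValueError(f"unknown algorithm {self.algorithm}")
        if self.direction not in ("bi", "send", "receive"):
            raise ValueError("direction must be bi, send or receive")

    def usable_for_send(self) -> bool:
        return self.direction in ("bi", "send")

    def usable_for_receive(self) -> bool:
        return self.direction in ("bi", "receive")


def compute_mac(key: KeyEntry, segment: bytes) -> bytes:
    """HMAC over a stand-in byte string (the draft's real coverage is not on the page)."""
    return hmac.new(key.secret, segment, ALGORITHMS[key.algorithm]).digest()


class Keychain:
    def __init__(self, entries):
        entries = list(entries)
        if len(entries) > 64:
            raise ValueError("a keychain holds at most 64 keys")
        for side in ("send", "receive"):  # key ids are unique per direction
            ids = [e.key_id for e in entries if getattr(e, f"usable_for_{side}")()]
            if len(ids) != len(set(ids)):
                raise ValueError(f"duplicate key identifier on the {side} side")
        self.entries = entries

    def send_key(self, now: datetime) -> Optional[KeyEntry]:
        """Youngest key rule: latest begin-time that is not in the future.
        T[i] needs no configuration; the next key's begin-time ends this one."""
        live = [e for e in self.entries if e.usable_for_send() and e.begin <= now]
        return max(live, key=lambda e: e.begin) if live else None

    def receive_keys(self, now: datetime):
        """Every key whose receive window [S'[i], T'[i]] covers now.
        With no end-time a key stays acceptable indefinitely (a rollover hazard)."""
        return [e for e in self.entries if e.usable_for_receive()
                and e.begin - e.tolerance <= now
                and (e.end is None or now <= e.end)]

    def sign(self, segment: bytes, now: datetime):
        key = self.send_key(now)
        if key is None:
            raise LookupError("no send key is active at this time")
        return key.key_id, compute_mac(key, segment)

    def verify(self, segment: bytes, key_id: int, mac: bytes, now: datetime) -> bool:
        for key in self.receive_keys(now):
            if key.key_id == key_id:
                return hmac.compare_digest(compute_mac(key, segment), mac)
        return False  # unknown key id, or key outside its receive window


T0 = datetime(2024, 1, 1, 0, 0)  # constructed epoch for the sample chain


def at(hours: int, minutes: int = 0) -> datetime:
    return T0 + timedelta(hours=hours, minutes=minutes)


def example_keychain() -> Keychain:
    """Constructed two-key rollover: key 2 takes over sending at 12:00, and the
    receiver keeps accepting key 1 until its end-time at 12:10."""
    return Keychain([
        KeyEntry(1, "hmac-sha-1", b"old-secret", "send", begin=at(0)),
        KeyEntry(2, "hmac-sha-1", b"new-secret", "send", begin=at(12)),
        KeyEntry(1, "hmac-sha-1", b"old-secret", "receive", begin=at(0),
                 end=at(12, 10), tolerance=timedelta(minutes=10)),
        KeyEntry(2, "hmac-sha-1", b"new-secret", "receive", begin=at(12),
                 tolerance=timedelta(minutes=10)),
    ])


if __name__ == "__main__":
    kc = example_keychain()
    kid, mac = kc.sign(b"segment", at(11, 59))           # still key 1
    print(kid, kc.verify(b"segment", kid, mac, at(12, 5)),  # accepted during overlap
          kc.verify(b"segment", kid, mac, at(12, 15)))     # rejected after end-time
```

The overlap window is the point of the tolerance and end-time settings: the peer's clock may lag, so the receive side opens the new key slightly before its begin-time and keeps the old key until its end-time, whereas the send side switches the instant the younger key's begin-time arrives. A receive key with no end-time never expires in this model, so a retired secret remains usable by anyone who has obtained it; configure end-time on receive entries when retiring keys.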