[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Human I&A, IPsec, and their non-relationship

To: ho@cs.arizona.edu (Hilarie Orman)
Subject: Re: Human I&A, IPsec, and their non-relationship
From: uri@watson.ibm.com
Date: Thu, 15 Dec 1994 16:30:26 -0500 (EST)
Cc: atkinson@sundance.itd.nrl.navy.mil, ipsec@ans.net
In-Reply-To: <199412152105.OAA06892@umbra.CS.Arizona.EDU> from "Hilarie Orman" at Dec 15, 94 02:05:03 pm
Reply-To: uri@watson.ibm.com

Hilarie Orman says:
> The motivation for per-user keying based on chosen plaintext seems
> unconvincing to me.  The amount of data sent per key can be controlled
> by the OS, and adjusted to a conservative value based on the algorithm
> in use.  Wouldn't it be cheaper and safer to rekey host-host
> connections than to negotiate and rekey many user/host keys?

Oh yes! Not only cheaper, but *simpler*! And I think, KISS ideology
saved more than one life (:-).
--
Regards,
Uri         uri@watson.ibm.com      N2RIU
-----------
<Disclamer>

Follow-Ups:

Proposal: user-keys are implementation decision

From: " " <amir@watson.ibm.com>

Re: Human I&A, IPsec, and their non-relationship

From: Phil Karn <karn@unix.ka9q.ampr.org>

References:

Re: Human I&A, IPsec, and their non-relationship

From: Hilarie Orman <ho@cs.arizona.edu>

Prev by Date: Re: Human I&A, IPsec, and their non-relationship
Next by Date: Known Key attack references (note from Yacov Yacobi)
Next by thread: Re: IPSEC at Dec IETF
Index(es):
- Main
- Thread