Re: Human I&A, IPsec, and their non-relationship




Hilarie Orman says:
> The motivation for per-user keying based on chosen plaintext seems
> unconvincing to me.  The amount of data sent per key can be controlled 
> by the OS, and adjusted to a conservative value based on the algorithm 
> in use.  Wouldn't it be cheaper and safer to rekey host-host
> connections than to negotiate and rekey many user/host keys?

Completely agree.

Further, I think that selection of the security association should be based 
on information that is normally used in the IP layer.

Russ