[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user-to-user vs. host-to-host keying

To: ipsec@ans.net
Subject: Re: user-to-user vs. host-to-host keying
From: "William Allen Simpson" <bsimpson@morningstar.com>
Date: Wed, 8 Mar 95 18:59:58 GMT

> From: Danny.Nessett@eng.sun.com (Dan Nessett)
> This suggests that another way to meet the cryptoanalytic threat to host-to-host
> keying is to change the session key well before 2^32 plaintexts have been
> encrypted. Consequently, I think that requiring IPv6 security implementations
> to support user-to-user keying is too limiting. They can adequately meet
> this threat by judicious session key management.
>
Seems reasonable to me, but has nothing to do with user-user as opposed
to host-host keying.  All DES keys should be changed before 2^32 blocks.
Big deal.  I can't imagine any TCP session not doing that, on a
user-user basis.

Bill.Simpson@um.cc.umich.edu

Prev by Date: SAIDs
Next by Date: Re: user-to-user vs. host-to-host keying
Prev by thread: user-to-user vs. host-to-host keying
Next by thread: Re: user-to-user vs. host-to-host keying
Index(es):
- Main
- Thread