[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user-to-user vs. host-to-host keying

> From: Danny.Nessett@eng.sun.com (Dan Nessett)
> This suggests that another way to meet the cryptoanalytic threat to host-to-host
> keying is to change the session key well before 2^32 plaintexts have been
> encrypted. Consequently, I think that requiring IPv6 security implementations
> to support user-to-user keying is too limiting. They can adequately meet
> this threat by judicious session key management.
Seems reasonable to me, but has nothing to do with user-user as opposed
to host-host keying.  All DES keys should be changed before 2^32 blocks.
Big deal.  I can't imagine any TCP session not doing that, on a
user-user basis.