Re: Questions about PFS and ISAKMP SAs
>>>>> "Michael" == Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:
Michael> In the absence of PFS for IPsec, we would use up the
Michael> entropy of the original ISAKMP SA's DH pair. Since we use
^at which point, having used all the entropy in the original ISAKMP
DH pair, we might simply do phase I again to get a new DH pair. This
is not required; we could simply do a phase II exchange of a new group.
] ON HUMILITY: to err is human. To moo, bovine. | SSH IPsec [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |international[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [