
Re: simultaneous lifetime type support required?




>>>>> "Tero" == Tero Kivinen <kivinen@ssh.fi> writes:
    Tero> I agree, that you probably don't transfer that much data that it would
    Tero> make it easier to break the encryption of phase 1 sa, but you can also
    Tero> use the kilobyte lifetime to limit how many phase 2 negotiations can
    Tero> be negotiated using that phase 1 sa.

  Yes, that is a good point.
  It would be approximate, but that would still be useful.

   :!mcr!:            |  Network and security consulting/contract programming
   Michael Richardson |   I do IPsec policy code for SSH <http://www.ssh.fi/>
 Personal: mcr@sandelman.ottawa.on.ca <http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html>. PGP key available.
 Corporate: sales@sandelman.ottawa.on.ca <http://www.sandelman.ottawa.on.ca/SSW/>.
	ON HUMILITY: To err is human, to moo bovine.


