[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: simultaneous lifetime type support required?
>>>>> "Tero" == Tero Kivinen <kivinen@ssh.fi> writes:
Tero> I agree, that you propably don't transfer that much data that it would
Tero> make it easier to break the encryption of phase 1 sa, but you can also
Tero> use the kilobyte lifetime to limit how many phase 2 negotiations can
Tero> be negotiated using that phase 1 sa.
Yes, that is a good point.
It would be approximate, but that would still be useful.
:!mcr!: | Network and security consulting/contract programming
Michael Richardson | I do IPsec policy code for SSH <http://www.ssh.fi/>
Personal: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
Corporate: <A HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>.
ON HUMILITY: To err is human, to moo bovine.
References: