[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: weakness in IKE/DOI specs

To: <jas@shiva.com>, <ipsec@lists.tislabs.com>
Subject: Re: weakness in IKE/DOI specs
From: "Hilarie Orman" <HORMAN@novell.com>
Date: Thu, 29 Jul 1999 12:52:00 -0600
Sender: owner-ipsec@lists.tislabs.com

Depends on the cipher and the key, doesn't it?   One can foresee that
the 32 bit limit will be too small, not in the immediate future, but almost
surely within 10 years.   

Hilarie

>>> John Shriver <jas@shiva.com> 07/28/99 01:29PM >>>

Moreover, as a security feature, we know that you really don't want
large lifetimes anyway.  Too much ciphertext on too little key.

I think it is perfectly appropriate to limit these to 32 bits, with
the range being 0 to (2^32)-1.  I don't think there is any sensible
justification to allow 64 bit values, that's just too long a
lifetime.

Prev by Date: RE: weakness in IKE/DOI specs
Next by Date: RE: weakness in IKE/DOI specs
Prev by thread: RE: weakness in IKE/DOI specs
Next by thread: RE: weakness in IKE/DOI specs
Index(es):
- Main
- Thread