[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: weakness in IKE/DOI specs

To: Daniel Fox <dfox@ennovatenetworks.com>
Subject: Re: weakness in IKE/DOI specs
From: Tero Kivinen <kivinen@ssh.fi>
Date: Tue, 3 Aug 1999 17:14:56 +0300 (EET DST)
Cc: ipsec@lists.tislabs.com, John Shriver <jas@shiva.com>
In-Reply-To: <37A6E90E.78A96F63@ennovatenetworks.com>
Organization: SSH Communications Security Oy
References: <199907281929.PAA20474@brill.shiva.com><199908012359.CAA04562@torni.ssh.fi><37A6E90E.78A96F63@ennovatenetworks.com>
Sender: owner-ipsec@lists.tislabs.com

Daniel Fox writes:
> If we need bigger numbers, we can simply add a new SA Life Type of, say,
> days or GB.  I think that 32 bits is more than enough granularity.

Which will mean that all current distributed products must be updated
to support that. It is quite easy to write a code to support 64 bit
numbers initially (in our code I need to change something like 20
lines of code (c-compiler must have support for 64 bit integers)).

I don't really think it is good idea to add new life types for that
kind of things. 
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

References:

weakness in IKE/DOI specs

From: Tero Kivinen <kivinen@ssh.fi>

Re: weakness in IKE/DOI specs

From: Daniel Fox <dfox@ennovatenetworks.com>

Prev by Date: Re: weakness in IKE/DOI specs
Next by Date: RE: Using Legacy Authentication for IPSRA (was : xauth requiremen ts: vulnerabilities)
Prev by thread: Re: weakness in IKE/DOI specs
Next by thread: PKIX vs draft-ietf-ipsec-pki-req-02.txt
Index(es):
- Main
- Thread