Re: Retransmits in traffic count?
On Fri, 06 Aug 1999 15:44:12 EDT you wrote
> Look at it this way. You are not denying that increased traffic on an Isakmp
> SA will theoretically make it easier to break, you are just saying that if
> it does get broken then who cares? In that case, why do we bother encrypting
> the last few messages of Main Mode? And why do we even bother with phase 1
> rekeying?
No, I'm saying that to break an IKE SA (to acquire knowledge of SKEYID_d)
is not dependent on the amount of traffic the IKE SA protects with SKEYID_e.
And I don't know why you bother with phase 1 rekeying but I do because the
entropy in SKEYID_d is finite. It is just this point that makes the new
lifetype suggested by Kivinen valuable.
Dan.