[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DH vs. RSA use for symmetric key exchange

> Is PFS intended to cover the risk associated with an RSA private key being
> compromised?  If so, I assume it would apply to DH keys as well if they get
> reused.  An optimization in IKE ( I think ) is the ability to reuse DH keys
> to establish multiple SAs and generate multiple keys.  Is there any
> recommendation on how many SAs can be generated or for how long a DH key can
> be used?

I've never previously seen a suggestion that IKE should use
non-ephemeral DH keys, so it's fair to say, "one DH key, one (phase 1)
SA" and "one DH key, one (phase 2 with pfs) SA".

					- Bill

Follow-Ups: References: