[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suggestion for SOI wrt PFS

To: "Angelos D. Keromytis" <angelos@cs.columbia.edu>
Subject: Re: Suggestion for SOI wrt PFS
From: Jan Vilhuber <vilhuber@cisco.com>
Date: Sun, 31 Mar 2002 15:00:40 -0800 (PST)
cc: Bill Sommerfeld <sommerfeld@east.sun.com>, <andrew.krywaniuk@alcatel.com>, <ipsec@lists.tislabs.com>
In-Reply-To: <200203291820.g2TIKOOm014329@coredump.keromytis.com>
Sender: owner-ipsec@lists.tislabs.com

On Fri, 29 Mar 2002, Angelos D. Keromytis wrote:

>
> In message <Pine.LNX.4.33.0203281919090.1204-100000@janpc-home.cisco.com>, Jan
> Vilhuber writes:
> >
> >Then you'd have to reauthenticate, which you may not want to (public
> >key operation and all). At least that's the only difference I can
> >see. This is somewhat lighter weight than a full phase 1.
> >
> >[ I haven't thought this proposal through yet, so I'm not coming down
> >on one side or the other ;) ]
>
> The argument I made a while ago, about caching the results of a
> cert chain validation hold for this case too.

But you STILL need to redo the rsa sigs. Just caching the certificate
validation buy's you having to redo all that, but having to redo the
rsa is costly anyway.

And please don't say "but rsa operations are cheap" because they
aren't..

jan
 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847

Follow-Ups:
- Re: Suggestion for SOI wrt PFS
  - From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>

References:
- Re: Suggestion for SOI wrt PFS
  - From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>

Prev by Date: [ Problems setting up CA server ]
Next by Date: Re: QoS considerations
Prev by thread: Re: Suggestion for SOI wrt PFS
Next by thread: Re: Suggestion for SOI wrt PFS
Index(es):
- Date
- Thread