[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI QUESTIONS: 2.4 Number of crypto operations

To: "Theodore Ts'o" <tytso@mit.edu>
Subject: Re: SOI QUESTIONS: 2.4 Number of crypto operations
From: Tylor Allison <allison@securecomputing.com>
Date: Fri, 21 Jun 2002 08:33:19 -0500 (CDT)
cc: <ipsec@lists.tislabs.com>
In-Reply-To: <E17L5KF-0003XH-00@think.thunk.org>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 20 Jun 2002, Theodore Ts'o wrote:

> Please discuss and answer this question.....
>
> 2.4 Number of crypto operations
>
> 2.4.A) JFK requires substantially more cryptographic operations for
> rekeying (two more signatures, two more signature validations, and
> three more hashes).  Is this a problem?  More generally, does SOI need
> to be able to support "fast" rekeying?

Yes, SOI should support fast rekeying.  Others have mentioned the need for
a secure management channel.  I agree with this.  I also feel that SOI will
scale better if we provide fast rekeying.  Awefully expensive if you have
hundreds or thousands of clients all rekeying and performing the full
crypto exponentiation for each rekey.

=====================================================================
= Tylor Allison         Secure Computing Corporation        =========
=====================================================================

References:
- SOI QUESTIONS: 2.4 Number of crypto operations
  - From: "Theodore Ts'o" <tytso@mit.edu>

Prev by Date: RE: SOI QUESTIONS: 2.3 Authentication styles
Next by Date: Re: SOI QUESTIONS: 2.2 Perfect forward secrecy (PFS)
Prev by thread: Re: SOI QUESTIONS: 2.4 Number of crypto operations
Next by thread: RE: SOI QUESTIONS: 2.4 Number of crypto operations
Index(es):
- Date
- Thread