[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI QUESTIONS: 2.4 Number of crypto operations

To: ipsec@lists.tislabs.com
Subject: Re: SOI QUESTIONS: 2.4 Number of crypto operations
From: "Housley, Russ" <rhousley@rsasecurity.com>
Date: Fri, 21 Jun 2002 13:57:56 -0400
Sender: owner-ipsec@lists.tislabs.com

On Thu, 20 Jun 2002, Ted Ts'o wrote:

 > Please discuss and answer this question.....
 >
 > 2.4 Number of crypto operations
 >
 > 2.4.A) JFK requires substantially more cryptographic operations for
 > rekeying (two more signatures, two more signature validations, and
 > three more hashes).  Is this a problem?  More generally, does SOI need
 > to be able to support "fast" rekeying?

Ted:

This one cannot be discussed in isolation.  It has may interrelationships 
with other aspects of key management.  PFS is an obvious one.  As I said 
earlier, there are many environments where PFS is not needed, so I believe 
it should be optional.  Those that need it can expend the effort to get 
it.  Those that do not need it, can do things more efficiently, including 
derive fresh SA keys from previously established secrets.

Russ

Prev by Date: Re: SOI QUESTIONS: 2.5 Plausible deniability
Next by Date: Re: SOI QUESTIONS: 2.2 Perfect forward secrecy (PFS)
Prev by thread: RE: SOI QUESTIONS: 2.4 Number of crypto operations
Next by thread: RE: SOI QUESTIONS: 2.4 Number of crypto operations
Index(es):
- Date
- Thread