[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI QUESTIONS: 2.4 Number of crypto operations
On Thu, 20 Jun 2002, Ted Ts'o wrote:
> Please discuss and answer this question.....
>
> 2.4 Number of crypto operations
>
> 2.4.A) JFK requires substantially more cryptographic operations for
> rekeying (two more signatures, two more signature validations, and
> three more hashes). Is this a problem? More generally, does SOI need
> to be able to support "fast" rekeying?
Ted:
This one cannot be discussed in isolation. It has may interrelationships
with other aspects of key management. PFS is an obvious one. As I said
earlier, there are many environments where PFS is not needed, so I believe
it should be optional. Those that need it can expend the effort to get
it. Those that do not need it, can do things more efficiently, including
derive fresh SA keys from previously established secrets.
Russ