[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: SOI QUESTIONS: 2.4 Number of crypto operations
>
>
> Please discuss and answer this question.....
>
> 2.4 Number of crypto operations
>
> 2.4.A) JFK requires substantially more cryptographic operations for
> rekeying (two more signatures, two more signature validations, and
> three more hashes). Is this a problem? More generally, does SOI need
> to be able to support "fast" rekeying?
Yes.
To be more precise, SOI should have a 2 phases. This will help with fast
rekeying, fast tunnel setup (for multiple tunnels), and better tunnel
management (this was the BIGGEST problem with IKEv1, IMO).