[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SOI QUESTIONS: 2.4 Number of crypto operations

To: "Theodore Ts'o" <tytso@mit.edu>, <ipsec@lists.tislabs.com>
Subject: RE: SOI QUESTIONS: 2.4 Number of crypto operations
From: "Stephane Beaulieu" <stephane@cisco.com>
Date: Mon, 24 Jun 2002 10:18:33 -0400
Importance: Normal
In-Reply-To: <E17L5KF-0003XH-00@think.thunk.org>
Sender: owner-ipsec@lists.tislabs.com


>
>
> Please discuss and answer this question.....
>
> 2.4 Number of crypto operations
>
> 2.4.A) JFK requires substantially more cryptographic operations for
> rekeying (two more signatures, two more signature validations, and
> three more hashes).  Is this a problem?  More generally, does SOI need
> to be able to support "fast" rekeying?

Yes.

To be more precise, SOI should have a 2 phases.  This will help with fast
rekeying, fast tunnel setup (for multiple tunnels), and better tunnel
management (this was the BIGGEST problem with IKEv1, IMO).

Follow-Ups:
- RE: SOI QUESTIONS: 2.4 Number of crypto operations
  - From: Michael Thomas <mat@cisco.com>

References:
- SOI QUESTIONS: 2.4 Number of crypto operations
  - From: "Theodore Ts'o" <tytso@mit.edu>

Prev by Date: I-D ACTION:draft-ietf-ipsec-pki-profile-00.txt
Next by Date: RE: SOI QUESTIONS: 2.6 Formal proofs of security
Prev by thread: Re: SOI QUESTIONS: 2.4 Number of crypto operations
Next by thread: RE: SOI QUESTIONS: 2.4 Number of crypto operations
Index(es):
- Date
- Thread