Re: SOI QUESTIONS: 3.4 - 4.3



On Tue, 2 Jul 2002, Sankar Ramanoorthi wrote:
> ...Don't keepalives offer a listener a
> steady stream of reasonably predictable data for the duration of the
> IKE-SA's lifetime?

Only if one implements timed keepalives (as opposed to querying the other
end only when there is reason to suspect it might be down). 

> Does it increase the possibility of IKE SA being compromised?

It shouldn't.  A *lot* of the IKE SA traffic is quite predictable.  And
one should not be protecting an IKE SA with a cipher that is seriously
vulnerable to known-plaintext attacks (e.g., 1DES).

                                                          Henry Spencer
                                                       henry@spsystems.net