Re: SOI QUESTIONS: 3.4 - 4.3
On Tue, 2 Jul 2002, Sankar Ramanoorthi wrote:
> ...Don't keepalives offer a listener a
> steady stream of reasonably predictable data for the duration of the
> IKE-SA's lifetime?
Only if one implements timed keepalives (as opposed to querying the other
end only when there is reason to suspect it might be down).
> Does it increase the possibility of IKE SA being compromised?
It shouldn't. A *lot* of the IKE SA traffic is quite predictable. And
one should not be protecting an IKE SA with a cipher that is seriously
vulnerable to known-plaintext attacks (e.g., 1DES).
Henry Spencer
henry@spsystems.net