Re: [MSEC] Re: new version of ESP ID
Haitham,
I tend to agree with Steve. Large groups or dynamic groups will need
distributed key and security management. I'd point out that GSAKMP (heavy
and Lite) allow for distribution of the key and security management functions.
One of the key points to setting up distributed management for large groups
is ensuring that the system is secure. GSAKMP does this by incorporating a
policy token in the key exchanges.
On your second point, anti-replay: I think the decision to switch off that
feature is dependent on the system you're protecting. In many cases, I'd do
as you suggested, turn off the anti-replay. However, it depends on the
threats to the system.
Hugh
________________________________________________________
Hugh Harney hh@sparta.com 410-381-9400 x203
________________________________________________________