Firewall Wizards mailing list archives
Re: Ramifications from increasing IPsec SA or rekey times?
From: "J. Oquendo" <sil () infiltrated net>
Date: Fri, 19 Oct 2007 12:00:18 -0400
Christopher J. Wargaski wrote:
Folks-- I am investigating what the ramifications are for increasing the SA life or rekey time on an IPsec VPN. Certainly the longer the same SA stays around, the longer the Wiley Wacker has to break my key. Does anyone know of some documents suggesting vulnerabilities from or ramifications of increasing the SA lifetime or rekey time? _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Mainly performance issues http://w3.antd.nist.gov/pubs/perf-vpns-ikev1.pdf -- ==================================================== J. Oquendo SGFA (FW+VPN v4.1) SGFE (FW+VPN v4.1) "I hear much of people's calling out to punish the guilty, but very few are concerned to clear the innocent." Daniel Defoe http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Ramifications from increasing IPsec SA or rekey times? Christopher J. Wargaski (Oct 19)
- Re: Ramifications from increasing IPsec SA or rekey times? J. Oquendo (Oct 19)