nanog mailing list archives

RE: key change for TCP-MD5

From: "David Schwartz" <davids () webmaster com>
Date: Thu, 22 Jun 2006 15:19:11 -0700

How often do you think keys should change?


        Arguably, any time someone who had access to the key is no longer supposed
to have such access.

I've never had anyone ask
to change keys for about 50 session-years.


        I guess the question the question is whether that's because they really
never needed to, really didn't think about, or really didn't want to suffer
the hassle and so just accepted the risk.

        DS

Current thread:

Re: key change for TCP-MD5, (continued)
- - Re: key change for TCP-MD5 Jared Mauch (Jun 19)
  - Re: key change for TCP-MD5 Steven M. Bellovin (Jun 19)
    - Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 19)
  - Re: key change for TCP-MD5 Randy Bush (Jun 19)
    - Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 19)
    - Re: key change for TCP-MD5 Randy Bush (Jun 19)
    - Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 19)
  - Re: key change for TCP-MD5 Edward B. DREGER (Jun 19)
  - Message not available
    - Re: key change for TCP-MD5 Steven M. Bellovin (Jun 22)
    - Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 22)
    - RE: key change for TCP-MD5 David Schwartz (Jun 22)
- RE: key change for TCP-MD5 Bora Akyol (Jun 20)
  - Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 20)
    - Re: key change for TCP-MD5 Randy Bush (Jun 20)
    - Re: key change for TCP-MD5 Iljitsch van Beijnum (Jun 20)
    - Re: key change for TCP-MD5 Crist Clark (Jun 20)
    - Re: key change for TCP-MD5 Valdis . Kletnieks (Jun 20)
  - RE: key change for TCP-MD5 Randy Bush (Jun 20)
- RE: key change for TCP-MD5 Ross Callon (Jun 20)
  - Re: key change for TCP-MD5 Richard A Steenbergen (Jun 20)
    - Re: key change for TCP-MD5 Warren Kumari (Jun 20)

(Thread continues...)