Search This Blog

Saturday, October 20, 2007

firewall-wizards Digest, Vol 18, Issue 11

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Ramifications from increasing IPsec SA or rekey times?
(J. Oquendo)


----------------------------------------------------------------------

Message: 1
Date: Fri, 19 Oct 2007 12:00:18 -0400
From: "J. Oquendo" <sil@infiltrated.net>
Subject: Re: [fw-wiz] Ramifications from increasing IPsec SA or rekey
times?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4718D492.1020801@infiltrated.net>
Content-Type: text/plain; charset="iso-8859-1"

Christopher J. Wargaski wrote:
> Folks--
>
> I am investigating what the ramifications are for increasing the SA
> life or rekey time on an IPsec VPN. Certainly the longer the same SA
> stays around, the longer the Wiley Wacker has to break my key.
>
> Does anyone know of some documents suggesting vulnerabilities from
> or ramifications of increasing the SA lifetime or rekey time?
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>

Mainly performance issues
http://w3.antd.nist.gov/pubs/perf-vpns-ikev1.pdf

--
====================================================
J. Oquendo

SGFA (FW+VPN v4.1)
SGFE (FW+VPN v4.1)

"I hear much of people's calling out to punish the
guilty, but very few are concerned to clear the
innocent." Daniel Defoe

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5533 bytes
Desc: S/MIME Cryptographic Signature
Url : https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20071019/fb0588dc/attachment-0001.bin


------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 18, Issue 11
************************************************

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)