[3361] in cryptography@c2.net mail archive
Re: Fwd: Re: r.e. quality of IDEA...
daemon@ATHENA.MIT.EDU (Steve Bellovin)
Thu Sep 24 14:22:06 1998
To: Rodney Thayer <rodney@tillerman.nu>
cc: cryptography@c2.net
Date: Thu, 24 Sep 1998 14:00:55 -0400
From: Steve Bellovin <smb@research.att.com>
In message <199809240422.AAA19933@2gn.com>, Rodney Thayer writes:
> What do you mean, "key agility is an IPSec requirement"? If you mean you
> must set up the keys fast, I disagree. You have to do this
> humunguous D-H and an RSA operation to set up IKE, and if you're
> careful overlapping Security Association set-up you can be
> calculating one key schedule whilst still using the previous one.
The issue is maintaining many IPSEC sessions at the same time, perhaps
to different destinations. Given the expansion factor between the
key size and the key schedule in many ciphers, it is often infeasible
to store key schedules. This is especially true for hardware-based
IPSEC devices, where there is a very big incentive to keep all keying
material on-board.
