[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: speaking of keys
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Marcus" == Marcus Leech <mleech@nortelnetworks.com> writes:
Marcus> I really don't have a problem with MUSTing a couple of groups at
Marcus> least.
Marcus> 1024 - fast, but somewhat less secure
Marcus> 15xx - slower, but rather more secure
Marcus> I can sympathize with not wanting to mandate the much larger groups.
Marcus> Small
Marcus> devices (telephones, for example) really do have some serious storage
Marcus> and peformance issues, but storage is the real killer, as it
Marcus> turns
Marcus, while I would be overjoyed to see these devices do random IPsec
connections to random other devices, I have serious doubts that this is
really going to occur.
What's the application? VPNs? VoIP?
I honestly have my doubts here. A device that can afford a full fledged
Java implementation to web surf and do IMAP, that can't do IKE?
While Bert's laptop
<http://bert.secret-wg.org/Trips/IETF55/index.html>
runs IPsec OE, it has as much ram as my previous notebook computer, and
more CPU, actually.
I just don't get it. You can't set these numbers in isolation from the
applications involved.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBPgTA7oqHRg3pndX9AQFhzwQAuq2Vjcnvogi4X/6yuLVWTLJa71w0WedD
cdqFb5V699AhtrR6t7z2fVbDaRUF855XXtmJF/ehVoSR9d53Jo57OqhZ4kpmtkW6
MlkHczwGXcQDqeQyIxrOt6rPjhJ9ynlYkJsjZYq50ru1TOhN9+JSdEKOrancy+YI
YjuY0ufzpug=
=k7BJ
-----END PGP SIGNATURE-----