-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The vulnerability of any key is growing for every second the key
> is used and for every byte passed throught the key. Also note, the
> compromising of a key mean all data encrypted by the key during recent
> transmissions should be counted compromised.
>
> So, from paranoid point of view - yes, it is more secure to use
> IKE and rotate the keys.

Uh, doesn't IKE use public keys to share symmetric keys? Doesn't that
imply that if you crack the private keys, you can then go back and decrypt
the symmetric key exchange and finally decrypt the traffic? Isn't this
why people expire their PGP keys and SSL CA's encourage you to expire your
ssl keys?

So it would seem to me that failing to expire your symmetric keys is not
so different from failing to expire your public keys, and that this is a
key management issue and doesn't effect the security of the system
directly.

 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet. Here's what I worry about. I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
        -- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE8iW3BswXMWWtptckRAjnDAKCEn4yqTyi8Z4smyYkInAcSK7Y6KQCfVZih
Js7V5CskWFtzZYO96PC0xko=
=7sh8
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]