Daniel Migault writes:
> value SN needs to be considered instead. Note that the limit of
> messages being sent is primarily determined by the security associated
> to the key rather than the SN. The security of the key used to
> encrypt decreases with each message being sent and a node MUST
> ensure the limit is not reached - even though the SN would permit it.
> In a constrained environment, it is likely that the implementation of a
> rekey mechanism is preferred over the use of ESN.

No. The security of the key does not decrease, but the ability for the attacker to attack the key might increase, and the value of attacking that one key also increases when more data is encrypted with it. Also with short block length algorithms there were stricter limits of data that can be encrypted with one key.
--
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec