Hi,

On 07-05-17 11:39, Magnus Kroken wrote:
> Non-crypto geek here, comments inline.
>
> On 05.05.2017 22:30, Steffan Karger wrote:
>> +control channel messages. A typical initial negotiation is about 10 packets
>> +in each direction. Assuming both initial negotation and renogatiations are
>> +at most 2^16 (65536) packets, and (re)negotiations happen each minute for
>> +each user (24/7)
>
> Does 10 and 65536 represent the same actual thing here, where 10 is a
> practical real-world estimate, and 65536 is an extremely conservative
> estimate?

Exactly.

> Or does it mean that each user will cause a total of 65536
> (re)negotiation packets in his lifetime? I think using a conservative
> estimate is a good idea, but the large difference is somewhat confusing
> (and I'm not entirely sure I get the correct meaning myself).

Good point, I'll try to make this more clear.

Maybe useful as background information: I am really trying to keep this
section short, because I fear otherwise people will just "TL;DR" and skip
it. But that does result in a high information density.

>> this limits the tls\-crypt key lifetime to 8171 year divided
>
> 8171 years (just a typo I suppose, but it's significant to the meaning
> of the sentence).

Ah, yes. This is a Dutch-English mixup - the Dutch (mostly) don't use
plural for more-than-one years. Will fix too.

-Steffan
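
Review bot: the added line "Assuming both initial negotation and renogatiations are" in the first quoted hunk misspells "negotiation" and "renegotiations"; both should be corrected in the next revision. The same hunk gives "about 10 packets in each direction" and then "at most 2^16 (65536) packets" without saying that the second figure is a conservative upper bound on the same quantity, or whether it is also counted per direction; one clause stating that would remove the ambiguity without lengthening the section much. In the second quoted hunk, "8171 year" should read "8171 years".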