Re: [IPsec] Teaser for pitch talk at IETF 108

2020-07-30 Valery Smyslov
Hi Scott, > > > Actually, it does add value from a crypto point of view, at least from a > > specific attack. In a multitarget attack, that is, an attack where we > > assume > > that the attacker has encrypted packets from a large number of SAs, and his > > goal is to recover the keys for any on

Re: [IPsec] Teaser for pitch talk at IETF 108

2020-07-30 Scott Fluhrer (sfluhrer)
> -Original Message- > From: Valery Smyslov > Sent: Thursday, July 30, 2020 4:07 AM > To: Scott Fluhrer (sfluhrer) ; 'Michael Rossberg' > > Cc: 'ipsecme mailing list' > Subject: RE: [IPsec] Teaser for pitch talk at IETF 108 > > Hi Scott, > > > > > Actually, it does add value from a cry

Re: [IPsec] multiple windows need multiple SPIs

2020-07-30 William Allen Simpson
On 7/24/20 2:28 PM, William Allen Simpson wrote: Therefore, I'd recommend that IPsec instead implement a block of related SPIs. Each SPI should have its unique session-key as usual, but all would have the same next protocol header and TCP/UDP port associated with the same flow. In the Photuris E

[IPsec] leading versus trailing ICV

2020-07-30 William Allen Simpson
The comments thus far seem to be mixed. This is a perennial topic. We spent much time on it in PIPE/SIPP/IPv6. We agreed on leading for AH and trailing for ESP. When I wrote the KA9Q NOS code implementing Van Jacobson's packet buffers that eventually was ported to Linux by Alan Cox, the code kn