Re: Slicing and dicing

Ran Atkinson <rja@inet.org> Sat, 13 September 1997 00:57 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id UAA11449 for ipsec-outgoing; Fri, 12 Sep 1997 20:57:41 -0400 (EDT)
Date: Sat, 13 Sep 1997 00:55:35 +0000
From: Ran Atkinson <rja@inet.org>
Subject: Re: Slicing and dicing
To: ipsec@tis.com
X-Mailer: Chameleon ATX 6.0, Standards Based IntraNet Solutions, NetManage Inc.
X-Priority: 3 (Normal)
References: <199709121921.MAA12951@trix.cisco.com>
Message-ID: <Chameleon.874108653.rja@c8-a.snvl1.sfba.home.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

I'm with Dan and Cheryl (and sundry others).   An implementation
should check for weak/semi-weak keys.  If it encounters a problem,
just kill the SA and get a new one.  This is nicely general
for all algorithms.

Ran
rja@inet.org