2017-02-19 19:42:33 UTC
I was wondering if there are any endeavours to incorporate some kind of ratcheting into IPsec.
In particular, I was wondering how one could determine a somewhat reasonable tradeoff between performing or skipping a step in the DH-ratchet on the transmission of an IP datagram. Performing a step on each transmission on a full-blown 40 GiB/s VPN might incur some performance issues despite probably being the most secure solution.
Maybe someone has some ideas in this regard?
Thanks in advance,