Signal in IPsec
2017-02-19 19:42:33 UTC
Dear Community,

I was wondering if there are any endeavours to incorporate some kind of ratcheting into IPsec.

In particular, I was wondering how one could determine a somewhat reasonable tradeoff between performing or skipping a step in the DH-ratchet on the transmission of an IP datagram. Performing a step on each transmission on a full-blown 40 GiB/s VPN might incur some performance issues despite probably being the most secure solution.

Maybe someone has some ideas in this regard?

Thanks in advance,
Yours, Daniel