Hi, Another solution is to use a cipher mode (like SIV) that does not lose all security if a counter is reused. Then you don't have to worry at all it.
Dan. On Mon, March 22, 2010 9:29 am, David McGrew wrote: > Hi Yoav, > > another requirement for IPsec HA is to coordinate the use of distinct > counters between multiple crypto engines. The problem (and a > convenient solution) is described in > http://tools.ietf.org/html/draft-ietf-msec-ipsec-group-counter-modes-05 > > David > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
