From: ccie2be (ccie2be@nyc.rr.com)
Date: Tue May 31 2005 - 16:54:13 GMT-3
John,
If it were me, I would definitely use the 2nd approach.
Why play around with send and receives separately. Just start the new key
to fully kick in 1/2 hour before the old key ages out. That way you can
verify the new key is working before the old key stops.
HTH, Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
Matus
Sent: Tuesday, May 31, 2005 3:18 PM
To: ccielab@groupstudy.com
Subject: overlapping key's
when you are faced with a situation of needing to age out one key while
validating a new key, let's say by 1/2 hour, or from 5 - 5:30
would you set the send keys to stop sending @ 5pm and set the recieve keys
to stop reciving @ 5:30 on the old key
and set the new key to send @ 5:30 and recieve @ 5:30
or
would you set set both the send and recieve time of the old key to 5:30 and
set both the send and recieve time of the new key to kick in @ 5:00 pm
i'm guessing it's more like the last but i'm not sure if there is another
staggering algorithm that is preferable.....
TIA
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:04 GMT-3