I plan to use ssh as the secure transport of a VPN. (Yes, I know there are
other solutions, but...)
These tunnels may be up for a long time, days or weeks, and escape
characters will be turned off because I'll be passing binary data, so I
can't force a rekey with that method.
Since the ssh spec says one should rekey every hour, I plan to patch the ssh
client to implement an auto-rekey option.
Do any of the security/cipher gurus have any problem with automatically
rekeying the connection at a specific interval? For simplicity's sake I
just plan to implement a simple timer that goes off every
user-specified-interval and rekeys the connection.
If the developers are interested, I'll send the patch along when I'm
done.
Thanks,
John
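
An added example, not part of the original post and not OpenSSH code: a sketch of the decision logic a timer-driven auto-rekey needs for a long-lived tunnel. All names are hypothetical, and the byte-count bound goes beyond the post's time-only timer (the SSH transport spec's rekey recommendation also bounds data volume).

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical per-connection state; field names are illustrative only. */
struct rekey_policy {
    uint64_t interval_s;   /* user-specified interval in seconds, 0 = off */
    uint64_t byte_limit;   /* assumed extra bound on data volume, 0 = off */
    uint64_t last_rekey_s; /* monotonic time of the last completed rekey */
    uint64_t bytes_since;  /* bytes moved under the current keys */
    bool     kex_pending;  /* a key exchange is already in flight */
};

/* Count traffic under the current keys; saturate instead of wrapping. */
void rekey_account(struct rekey_policy *p, uint64_t nbytes)
{
    if (UINT64_MAX - p->bytes_since < nbytes)
        p->bytes_since = UINT64_MAX;
    else
        p->bytes_since += nbytes;
}

/*
 * now_s must come from a monotonic clock, so a wall-clock step (NTP, a
 * manual date change) on a tunnel that is up for weeks cannot postpone
 * the rekey. If the clock ever appears to go backwards, the unsigned
 * subtraction wraps to a huge value and the rekey fires early, which is
 * the safe direction to fail in.
 */
bool rekey_due(const struct rekey_policy *p, uint64_t now_s)
{
    if (p->kex_pending)   /* never start a second exchange on top of one */
        return false;
    if (p->interval_s && now_s - p->last_rekey_s >= p->interval_s)
        return true;
    if (p->byte_limit && p->bytes_since >= p->byte_limit)
        return true;
    return false;
}

void rekey_started(struct rekey_policy *p)
{
    p->kex_pending = true;
}

/* Reset both bounds only once the new keys are actually in use. */
void rekey_finished(struct rekey_policy *p, uint64_t now_s)
{
    p->kex_pending = false;
    p->last_rekey_s = now_s;
    p->bytes_since = 0;
}
```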