| Config | Type (units) | Default | Description |
|---|---|---|---|
| integ | boolean | false | Enable/disable integrity guarantee. |
| conf | boolean | false | Enable/disable confidentiality guarantee. |
| sauth | boolean | false | Enable/disable sender authenticity guarantee. |
| hash | enum : md5 | md5 | Hash function used to ensure key distribution message integrity. |
| satype | enum : signpkt, online | signpkt | Identifies the type of source authentication used (signpkt=signed packets, online=online signatures). |
| frmsize | integer > 0 | 10 | Used by all streaming techniques; number of packets to calculate the signature over. |
| datfwd | integer >= 0 (milliseconds) | 250 | Length of the data forwarding timer. Packets in streaming approaches will be buffered for no longer than this interval. |
| cafile | string | ca_sgn | Filename of trusted CA (for source authentication certificates). |
| grace | floating point >= 0 (seconds) | 0.5 | If data is received with an old key, and that key was active grace seconds ago, then the data will be accepted. This is generally used to allow for the latency of key distribution: clients may be transmitting data under an old key while a new key is on the way and has possibly been received by other members. If this value is 0 or negative, the grace period will be deactivated. Note that making the grace period larger opens a possible security hole: recently ejected members with old keys will be able to transmit messages to the group until the grace period expires. |
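
The following is an added example, not code from the software this table documents: a small receiver-side model of the `grace` rule, showing how long data under a replaced key is still accepted after a rekey. The `KeyRing` class, the key ids and the packet timeline are assumptions constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple


class KeyRing:
    """Receiver-side record of group keys and when each one was replaced."""

    def __init__(self, grace: float):
        self.grace = grace                    # seconds, as in the `grace` config
        self.current: Optional[int] = None    # id of the active key
        self.retired: Dict[int, float] = {}   # key id -> time it was replaced

    def rekey(self, new_key_id: int, now: float) -> None:
        """Install a new key; the previous one stops being current at `now`."""
        if self.current is not None:
            self.retired[self.current] = now
        self.current = new_key_id

    def accepts(self, key_id: int, now: float) -> bool:
        """Decide whether data protected under `key_id` is accepted at `now`."""
        if key_id == self.current:
            return True
        if self.grace <= 0 or key_id not in self.retired:
            return False                      # grace deactivated, or unknown key
        # Old key: accepted only if it was still active `grace` seconds ago.
        return now - self.retired[key_id] <= self.grace


# Constructed timeline: key 1 is in use from t=0.0; at t=10.0 a member is
# ejected and the group is rekeyed to key 2. Each packet is (arrival time, key id).
# A receiver cannot tell a slow honest sender from the ejected member: both
# present key 1, so the grace value alone bounds the ejected member's window.
PACKETS: List[Tuple[float, int]] = [
    (10.2, 1),   # old key, 0.2 s after the rekey
    (10.6, 1),   # old key, 0.6 s after the rekey
    (10.6, 2),   # new key
]


def decisions(grace: float) -> List[bool]:
    """Replay the constructed timeline under a given grace setting."""
    ring = KeyRing(grace)
    ring.rekey(1, 0.0)
    ring.rekey(2, 10.0)
    return [ring.accepts(key_id, t) for t, key_id in PACKETS]


if __name__ == "__main__":
    for g in (0.0, 0.5, 5.0):
        print(f"grace={g}: {decisions(g)}")
```
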