
Diffie-Hellman



RECAP

> In the IEEE 802.10 draft key management standard, key establishment
> goes through two phases.  First, a key is generated.  We support many
> techniques, including Diffie-Hellman, Needham-Schroeder, and selecting
> keys from a manually distributed cache.  Second, attributes are
> negotiated.  These attributes determine how the key will be used; they
> include the algorithm and the security protocol that will be used.  The
> attribute negotiation exchanges are encrypted under the key that was
> generated to ensure that both parties have the same key.  When they do
> have the same key, authentication is achieved.

As long as this negotiation can detect someone replaying an old message
(or some sort of timestamp is included in the signature), then

> Step 1) A to B:  aX mod p, SIGN {aX mod p}, certificate of A
> Step 2) B to A:  aY mod p, SIGN {aY mod p}, certificate of B

is secure.

I am unclear about the point of encrypting the certificates in these
protocols.  The whole point to having them in the first place is to 
provide security against an active (tampering) eavesdropper.  With
the other protocols, such an eavesdropper can spoof one end and
enter into negotiation with A.  E will be unable to give a good
signature from B, but since E generated Y, E can compute aXY,
which is the encryption key, and thus capture A's certificate.

Is there some advantage to denying additional information to passive
eavesdroppers?

DIFFIE-HELLMAN

Diffie-Hellman is a four step process.  In our protocol, these four steps would
be followed by two attribute negotiation steps.

Step 1) A to B:  aX mod p
Step 2) B to A:  aY mod p
Step 3) A to B: ENCRYPT {SIGN {aXY mod p, certificate of A}}
Step 4) B to A: ENCRYPT {SIGN {aXY mod p, certificate of B}}

Diffie-Hellman can be shortened to three key generation steps (again followed
by two attribute negotiation steps).

Step 1) A to B:  aX mod p
Step 2) B to A:  aY mod p, ENCRYPT {SIGN {aXY mod p}, certificate of B}
Step 3) A to B: ENCRYPT {SIGN {aXY mod p, certificate of A}}

Of course, steps 1 and 2 can take place simultaneously, so it's really
just one stage.  Each side sends aX and receives aY, or vice versa.
-- 
	-Colin
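
Added example (not part of the original message): a toy Python run of the four-step exchange up to step 3, illustrating the point raised above that whoever supplied aY can derive aXY and decrypt A's certificate, so encryption under a not-yet-authenticated key hides it only from passive observers. The modulus, base, XOR keystream cipher, function names and certificate bytes are all constructed for illustration.

```python
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus "p" (constructed; far too small for real use)
BASE = 3         # toy base "a" (constructed)

def session_key(peer_public: int, own_secret: int) -> bytes:
    """Hash aXY mod p into a symmetric key."""
    shared = pow(peer_public, own_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for ENCRYPT: XOR with a SHA-256 counter keystream (same call decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def run_exchange() -> dict:
    cert_a = b"certificate of A (constructed sample bytes)"
    x = secrets.randbelow(P - 3) + 2      # A's secret X
    y = secrets.randbelow(P - 3) + 2      # secret Y of whoever answers step 2
    ax = pow(BASE, x, P)                  # step 1, sent in the clear
    ay = pow(BASE, y, P)                  # step 2, sent in the clear, unsigned
    # Step 3: A encrypts before it has verified any signature from the peer.
    step3 = toy_encrypt(session_key(ay, x), cert_a)
    return {
        "wire": (ax, ay, step3),          # everything a passive observer sees
        "cert_a": cert_a,
        # The step-2 sender knows Y, so it derives the same key as A.
        "responder_view": toy_encrypt(session_key(ax, y), step3),
    }

if __name__ == "__main__":
    result = run_exchange()
    print("ciphertext differs from cert:", result["wire"][2] != result["cert_a"])
    print("step-2 sender recovers cert: ", result["responder_view"] == result["cert_a"])
```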