[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Two keys to differentiate directions
- To: amir@watson.ibm.com
- Subject: Re: Two keys to differentiate directions
- From: "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.lkg.dec.com>
- Date: Fri, 10 Jun 94 10:10:05 -0400
- Cc: ipsec@ans.net
- In-Reply-To: Your message of "Fri, 20 May 94 13:59:46 EDT." <199405201800.AA15749@interlock.ans.net>
From: amir@watson.ibm.com
To: ipsec@ans.net
>Donald,
>
>>> I think the simplest answer is not to use the same key for both
>>> directions.
>
>This would work but it is a wasteful solution. A much simpler and
>more efficient solution is to have a clear direction indicator,
What is it you are wasting? You usually have plenty of keying
material, relative to the requirements of most symetric algorithms, if you
do Diffie-Hellman, and it adds some small amount of cryptographic strengh
for the adversary to have to break two keys to see the entire conversation.
Why is using a bit simpler?
Why is using a bit more efficient? Sure, the bit is probably free in
most designs, but using different keys potentially frees up the bit
for other uses.
>this is also simpler to reason about, and is a standard and well
Why is it simpler to reason about? If you use different keys, they any
confusion in communications or attempt to reply in the wrong direction
will result in garbage and authentication/integrity failure.
>known technique. In particular you could use the sender/recipient in
>the authenticated information (although it is enough, for this purpose,
>to use only one bit e.g. do I have the lower or higher address).
I do agree that using a bit is a standard and well known technique.
>best, Amir Herzberg
Donald