
Re: Diffie-Hellman



     12 December 1994
     
     I am a non-meeting-attending member of the IETF IPSEC working group.
I am personally in favor of experimenting with new Internet security protocols.
My main question/quibble is that my network uses Lotus cc:Mail. I wonder how
this protocol is implemented. Is it possible to run this routine in
MS-DOS/MS-Windows? We have limited use of a UNIX box, and it is not connected
to the real world.

Regards,

Phill

******************************************************************************* 
* PHILLIP CHARLES OLIFF               | 1734 WARNALL AVENUE  LL       +       * 
* ALUMNI, CLASS OF 1994               | LOS ANGELES, CA      LL  MM   MM      * 
* DEPARTMENT OF PSYCHOLOGY            | 90024-5339           LLLLLMM MMUU UU  * 
* LOYOLA MARYMOUNT UNIVERSITY         | POLIFF@STDNTMAIL.LMU.EDU MM M MUU UU  * 
* LOS ANGELES, CALIFORNIA 90045-2699  | Phone: (310) 915-3983          UUUUU  * 
*******************************************************************************



______________________________ Reply Separator _________________________________
Subject: Diffie-Hellman
Author:  hugo@watson.ibm.com at STDNTMAIL-LMU
Date:    12/9/94 11:29 AM


Dear IPSEC-ers, (see questions at the bottom)

It seems that if there was one thing agreed about key management at
this IETF, it is that we require perfect forward secrecy (in particular,
the exposure of two parties' private keys should not expose past or future
traffic between these two parties to passive attacks).

The practical significance of this decision is that we are going to build 
the key exchange mechanism based on Diffie-Hellman. Since I believe that 
nobody wants to leave this key exchange vulnerable to active 
(man-in-the-middle) attacks it actually means that we are going to implement 
authenticated DH exchange.

This is a crucial decision of this group. It means that we want to provide 
very high security (which is great considering that key management is the 
foundation of any security mechanism) and we are willing to pay
the computational price. The latter involves six long exponentiations, at least
for parties that exchange their first key.
Some careful optimizations are possible (e.g., some of the exponentiations 
performed off-line) but the overall computation cost is not negligible.

It would be nice to close this issue over this list such that we can say 
that this is the IPSEC group DECISION and not just the opinion of several 
IETF attendees.

The questions are:

1) is there any opposition to this agreement? For example, well-identified
   scenarios where this is infeasible?

2) if you have experimental data on the performance of DH exponentiation
   please share it with the group. It may help tune the protocol decisions. 
   PLEASE SPECIFY: h/w and s/w platform, length of modulus (and length of
   exponent if different from modulus size) and, if possible, the
   software implementation used (RSAREF, PGP, etc.).
   Please give numbers for a SINGLE exponentiation (or otherwise specify
   what the numbers are for).
   (I heard, from people in the IETF, performance numbers that on similar
    platforms varied up to 10 times!)

Thanks, Hugo
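The authenticated, forward-secret Diffie-Hellman exchange Hugo describes, as an added example that is not part of the original post or of any IETF draft. Assumptions not in the post: the 1024-bit MODP group from RFC 2409 with generator 2 (checked at runtime rather than trusted as typed), authentication of the exchange by an HMAC over the transcript under a pre-shared key rather than by signatures, and a constructed PSK. Each party validates the peer's public value (range and subgroup membership) before using it, discards its ephemeral secret once the session key is derived, and counts the long exponentiations it performs; a timing helper reports a single exponentiation in the form question 2 asks for. Signature-based authentication would add its own exponentiations, so the count here covers only the DH side of the protocol.

```python
"""Authenticated ephemeral Diffie-Hellman with the checks a receiver should make.

Added example, not code from the IPSEC list or any IETF draft. Assumptions:
RFC 2409 "group 2" (1024-bit MODP, generator 2) and PSK-keyed HMAC over the
transcript for authentication. The PSK and all messages are constructed here.
"""
import hashlib
import hmac
import secrets
import time

# RFC 2409 Second Oakley Group (1024-bit MODP). Checked by validate_group()
# below instead of being trusted as transcribed.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2
Q = (P - 1) // 2          # order of the subgroup generated by G (P is a safe prime)
ROLES = {"initiator": "responder", "responder": "initiator"}


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; enough for a one-time parameter check."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_group(p=P, g=G, q=Q):
    """Done once per deployment: p and (p-1)/2 prime, g generates the order-q subgroup."""
    return is_probable_prime(p) and is_probable_prime(q) and 1 < g < p - 1 and pow(g, q, p) == 1


class Party:
    """One side of the exchange; counts the long exponentiations it performs."""

    def __init__(self, role, psk):
        self.role, self.psk = role, psk
        self.exponentiations = 0
        self._x = None                  # ephemeral secret, discarded after use (PFS)
        self.session_key = None

    def generate_ephemeral(self):
        self._x = secrets.randbelow(Q - 2) + 2
        self.exponentiations += 1
        return pow(G, self._x, P)

    def _mac(self, role, y_init, y_resp):
        # Role label prevents reflecting one side's MAC back at it.
        msg = role.encode() + y_init.to_bytes(128, "big") + y_resp.to_bytes(128, "big")
        return hmac.new(self.psk, msg, hashlib.sha256).digest()

    def mac(self, y_init, y_resp):
        return self._mac(self.role, y_init, y_resp)

    def complete(self, peer_public, peer_mac, y_init, y_resp):
        # Reject 0, 1, p-1 and anything outside the q-order subgroup (small-subgroup attacks).
        if not 1 < peer_public < P - 1 or pow(peer_public, Q, P) != 1:
            raise ValueError("invalid DH public value")
        self.exponentiations += 1
        if not hmac.compare_digest(self._mac(ROLES[self.role], y_init, y_resp), peer_mac):
            raise ValueError("transcript authentication failed")
        shared = pow(peer_public, self._x, P)
        self.exponentiations += 1
        self._x = None
        self.session_key = hashlib.sha256(shared.to_bytes(128, "big")).digest()
        return self.session_key


def run_exchange(psk_initiator, psk_responder, mitm=None):
    """Three messages: y_a ; y_b + MAC_b ; MAC_a.  mitm (optional) replaces y_a in transit.
    Returns (initiator key, responder key, initiator exponentiations, responder exponentiations)."""
    a, b = Party("initiator", psk_initiator), Party("responder", psk_responder)
    y_a = a.generate_ephemeral()
    y_a_seen = mitm(y_a) if mitm else y_a                  # message 1 as the responder receives it
    y_b = b.generate_ephemeral()
    mac_b = b.mac(y_a_seen, y_b)                           # message 2
    key_a = a.complete(y_b, mac_b, y_a, y_b)               # checked against what a really sent
    mac_a = a.mac(y_a, y_b)                                # message 3
    key_b = b.complete(y_a_seen, mac_a, y_a_seen, y_b)
    return key_a, key_b, a.exponentiations, b.exponentiations


def time_single_exponentiation(exponent_bits=1024, repeats=5):
    """Best-of-n seconds for one g^x mod p; report with platform and modulus/exponent sizes."""
    best = float("inf")
    for _ in range(repeats):
        x = secrets.randbits(exponent_bits) | 1
        t0 = time.perf_counter()
        pow(G, x, P)
        best = min(best, time.perf_counter() - t0)
    return best


if __name__ == "__main__":
    assert validate_group(), "group parameters failed the primality/subgroup check"
    psk = b"constructed pre-shared key for the example"
    k_a, k_b, n_a, n_b = run_exchange(psk, psk)
    print("keys match:", k_a == k_b, "long exponentiations per side:", n_a, n_b)
    try:
        run_exchange(psk, psk, mitm=lambda _y: pow(G, secrets.randbelow(Q - 2) + 2, P))
    except ValueError as err:
        print("substituted public value rejected:", err)
    print("one %d-bit exponentiation: %.4f s" % (P.bit_length(), time_single_exponentiation()))
```

Running the script prints the exponentiation count (three per side in this PSK variant: ephemeral key, subgroup check of the peer value, shared secret) and the time for a single 1024-bit exponentiation on the current machine; the subgroup check is itself a full-length exponentiation, which is the price of refusing confinement to a small subgroup.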