[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Proposal: Perfect forward secrecy a MUST
>From perry@imsi.com Wed Dec 14 13:51:44 1994
>In real network management systems, each managed entity typically
>communicates with a small number (usually one) of management
>stations. At the beginning (and maybe every day) they will end up
>spending a second or so setting up SAIDs, and maybe again every day or
>two, but thats probably the end of it. You picked a particularly bad
>example.
Having open long-term open security associations with a large
number of managed entities at the management station is not a
particularly inviting prospect, considering that rebooting
a management entity requires re-establishing all those associations.
Since there aren't long-term network connections that are typically
left open between management entity and managed entities, having
long term open security connections between them doesn't sound like
the right thing to do either.
> If you use perfect forward
>secrecy you shouldn't have to pay any more than the cost of the D-H
>algorithm.
I believe the proposal I made at the meeting comes close to this overhead.
I didn't do a count of the computational overhead of the other perfect forward
secrecy proposals, but keep in mind that protocols that authenticate
using signatures have a higher computational overhead than just the
DH algorithm. I believe that at least some of the other proposals
do signature based authentication. (The SKIP based proposal that I made
has an overhead equal to just the DH part, once cached shared master
keys exist).
Regards,
Ashar.
Follow-Ups: