[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Proposal: user-keys are implementation decision

To: uri@watson.ibm.com, ipsec@ans.net
Subject: Proposal: user-keys are implementation decision
From: " " <amir@watson.ibm.com>
Date: Fri, 16 Dec 1994 10:16:10 -0500
In-Reply-To: Your message of "Thu, 15 Dec 1994 16:30:26 EST." <9412152130.AA18270@buoy.watson.ibm.com>


Uri says:

> Hilarie Orman says:
> > The motivation for per-user keying based on chosen plaintext seems
> > unconvincing to me.  The amount of data sent per key can be controlled
> > by the OS, and adjusted to a conservative value based on the algorithm
> > in use.  Wouldn't it be cheaper and safer to rekey host-host
> > connections than to negotiate and rekey many user/host keys?
>
> Oh yes! Not only cheaper, but *simpler*! And I think, KISS ideology
> saved more than one life (:-).

Although I see the value of per-user keys, in particular in defeating choosen
plain/ciphertext attacks, I agree with Uri and Hilarie. In fact I think IKMP
and IPSP already include an unstructured SAID mechanism which should allow
implementations which wish to provide seperate keys for each user to do so.
So, why don't we concentrate on designing the protocols, and leave these
issues along, at least for now.

Best, Amir

References:

Re: Human I&A, IPsec, and their non-relationship

From: uri@watson.ibm.com

Prev by Date: Re: Human I&A, IPsec, and their non-relationship
Next by Date: Re: Re[2]: key management
Next by thread: Re: IPSEC at Dec IETF
Index(es):
- Main
- Thread