
Photuris re-keying



I do wish people would change the subject line when they change the subject.

> From: hugo@watson.ibm.com
> When you say that
>  > Perfect forward secrecy can be achieved without having either
>  > in-band key mgmt or structured SAIDs.
> you mean achieving it via Diffie-Hellman. Agreed.
>
> The meaning of DH being expensive is that you will do key refreshments
> less frequently. Let's say each 12 hours.

Let us not!  Current plans are 2 to 5 minutes on inexpensive (386-16)
software and hardware.


> A very cheap way to achieve this is that each, say 2 hours (or 5 minutes if you
> want), both parties refresh their current key by applying to it a one-way
> function (i.e., with negligible computational cost). This requires no
> interaction.

Actually, as Phil has already pointed out, Photuris can easily be
extended with another message pair to re-key in such a way on the order
of seconds.  Do we need re-keying on the order of seconds?


> Now, if I change my key non-interactively from time to time I want a means to
> tell that to the other party to guarantee synchronization; a minimally
> structured SAID will do.
>
But, as several people have pointed out, there is no need to "structure"
the SAID.  Merely sending the Photuris update packet exchange will do
the same thing, in approximately the same bandwidth, and exactly the
same number of exchanges as a "non-interactive" exchange.


> Truth is that I prefer even these frequent changes to be done interactively,
> since these interactions can be very efficient (see MKMP).  In that
> case no need for structured SAIDs, and security is even better

Yes, this is probably the right thing to do.

Bill.Simpson@um.cc.umich.edu
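
The non-interactive refresh discussed in this message, sketched as an added example that is not part of the original post or of Photuris: both ends replace the key with a one-way function of itself and use a refresh counter to stay synchronized. SHA-256, the `epoch` counter and the `max_skip` limit are assumptions chosen for illustration; the thread names no specific function or packet field.

```python
import hashlib

def refresh(key: bytes) -> bytes:
    # One refresh step. SHA-256 is an assumed stand-in for the
    # unspecified one-way function mentioned in the thread.
    return hashlib.sha256(b"key-refresh" + key).digest()

def derive_forward(key: bytes, steps: int) -> bytes:
    # Anyone holding a key can compute every later key in the chain.
    for _ in range(steps):
        key = refresh(key)
    return key

class Endpoint:
    def __init__(self, shared_key: bytes, max_skip: int = 16):
        self.key = shared_key
        self.epoch = 0            # hypothetical refresh counter
        self.max_skip = max_skip  # bound on catch-up work per packet

    def tick(self) -> None:
        # The old key is overwritten, so earlier traffic keys cannot be
        # recomputed from this endpoint's state after a compromise.
        self.key = refresh(self.key)
        self.epoch += 1

    def sync_to(self, peer_epoch: int) -> bool:
        # Catch up to the epoch announced by the peer. Going backwards is
        # impossible by design; large jumps are refused so a forged epoch
        # cannot force unbounded hashing.
        if peer_epoch < self.epoch:
            return False
        if peer_epoch - self.epoch > self.max_skip:
            return False
        while self.epoch < peer_epoch:
            self.tick()
        return True

if __name__ == "__main__":
    seed = b"constructed sample key"   # constructed test value
    a, b = Endpoint(seed), Endpoint(seed)
    for _ in range(3):
        a.tick()                        # a refreshed on its timer, b did not
    print("resynchronized:", b.sync_to(a.epoch) and a.key == b.key)
    captured = b.key                    # key exposed at epoch 3
    a.tick()
    print("later key derivable:", derive_forward(captured, 1) == a.key)
```

The chain protects keys from earlier epochs only. A key captured at one epoch yields every later one, which a fresh interactive exchange does not.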