[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user-to-user vs. host-to-host keying


Your observation :

>  Seems reasonable to me, but has nothing to do with user-user as opposed
>  to host-host keying.  All DES keys should be changed before 2^32 blocks.
>  Big deal.  I can't imagine any TCP session not doing that, on a
>  user-user basis.

I believe misses the point of the original message. The concrete justification
for user-to-user keying is that one user might be able to cryptoanalyze the
traffic encrypted by a common host-to-host key, thereby obtaining the plaintext
from another user's communication. If reasonable session key managment
techniques are used, this is not a viable threat. Consequently, the
justification for mandatory support of user-to-user keying evaporates.