Re: user-to-user vs. host-to-host keying
Bill,
Your observation:
> Seems reasonable to me, but has nothing to do with user-user as opposed
> to host-host keying. All DES keys should be changed before 2^32 blocks.
> Big deal. I can't imagine any TCP session not doing that, on a
> user-user basis.
>
I believe misses the point of the original message. The concrete justification
for user-to-user keying is that one user might be able to cryptanalyze the
traffic encrypted by a common host-to-host key, thereby obtaining the plaintext
from another user's communication. If reasonable session key management
techniques are used, this is not a viable threat. Consequently, the
justification for mandatory support of user-to-user keying evaporates.
Dan