[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user-to-user vs. host-to-host keying

To: ipsec@ans.net, bsimpson@morningstar.com
Subject: Re: user-to-user vs. host-to-host keying
From: Danny.Nessett@eng.sun.com (Dan Nessett)
Date: Wed, 8 Mar 1995 12:01:29 -0800

Bill,

Your observation :

>  Seems reasonable to me, but has nothing to do with user-user as opposed
>  to host-host keying.  All DES keys should be changed before 2^32 blocks.
>  Big deal.  I can't imagine any TCP session not doing that, on a
>  user-user basis.
>  

I believe misses the point of the original message. The concrete justification
for user-to-user keying is that one user might be able to cryptoanalyze the
traffic encrypted by a common host-to-host key, thereby obtaining the plaintext
from another user's communication. If reasonable session key managment
techniques are used, this is not a viable threat. Consequently, the
justification for mandatory support of user-to-user keying evaporates.

Dan

Follow-Ups:

Re: user-to-user vs. host-to-host keying

From: Ran Atkinson <rja@bodhi.itd.nrl.navy.mil>

Re: user-to-user vs. host-to-host keying

From: "Perry E. Metzger" <perry@imsi.com>

Prev by Date: Re[2]: WG last call for IPv4 MD5
Next by Date: Re: (IPng) Re: out-of-band key management is like virtual circuits
Prev by thread: Re: user-to-user vs. host-to-host keying
Next by thread: Re: user-to-user vs. host-to-host keying
Index(es):
- Main
- Thread