[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user-to-user vs. host-to-host keying

>  From rja@bodhi.itd.nrl.navy.mil Wed Mar  8 11:02:39 1995
>  To: Dan Nessett <Danny.Nessett@Eng>, ipng@sunroof.Eng.Sun.COM, ipsec@ans.net
>  Subject: Re: user-to-user vs. host-to-host keying
>  Mime-Version: 1.0
>  Dan,
>    Your analysis was limited to DES.  The specifications are
>  algorithm-independent and NEED to support other algorithms
>  such as RCx, IDEA, etc.  The need for user-to-user keying
>  remains clear.  Handwaving about "judicious key management"
>  is not a meaningful answer even for DES.
>    Did you miss Jeff Schiller's comments on this at the Open IPng
>  Directorate meeting in San Jose ?  I can't do justice to his
>  remarks but think they were well put.
>  Ran
>  atkinson@itd.nrl.navy.mil


Yes I did miss Jeff's remarks. However, I wouldn't characterize my suggestion
of "judicious key management" as handwaving. According to your architecture I-D,
DES-CBC is the default encryption algorithm for the global Internet, so I
believe the analysis I presented is pertinent for the default case. If another
algorithm is being used, then a similar analysis would apply in order to
discover the maximum amount of plaintext that should be encrypted by one
key. Note that this value should also be known when user-to-user keying
is employed, for the same cryptoanalytic threat exists in that case as
well. That is, the user-to-user session key should be changed when a significant
amount of plaintext has been encrypted with it.

I am not saying that user-to-user keying shouldn't be allowed to thwart the
threat you mention. I am saying it isn't the only way to combat this threat
and therefore IPv6 implmentations should not be required to support it.