[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: user-to-user vs. host-to-host keying
> From rja@bodhi.itd.nrl.navy.mil Wed Mar 8 11:02:39 1995
> To: Dan Nessett <Danny.Nessett@Eng>, ipng@sunroof.Eng.Sun.COM, ipsec@ans.net
> Subject: Re: user-to-user vs. host-to-host keying
> Mime-Version: 1.0
>
> Dan,
>
> Your analysis was limited to DES. The specifications are
> algorithm-independent and NEED to support other algorithms
> such as RCx, IDEA, etc. The need for user-to-user keying
> remains clear. Handwaving about "judicious key management"
> is not a meaningful answer even for DES.
>
> Did you miss Jeff Schiller's comments on this at the Open IPng
> Directorate meeting in San Jose ? I can't do justice to his
> remarks but think they were well put.
>
> Ran
> atkinson@itd.nrl.navy.mil
>
>
Ran,
Yes I did miss Jeff's remarks. However, I wouldn't characterize my suggestion
of "judicious key management" as handwaving. According to your architecture I-D,
DES-CBC is the default encryption algorithm for the global Internet, so I
believe the analysis I presented is pertinent for the default case. If another
algorithm is being used, then a similar analysis would apply in order to
discover the maximum amount of plaintext that should be encrypted by one
key. Note that this value should also be known when user-to-user keying
is employed, for the same cryptoanalytic threat exists in that case as
well. That is, the user-to-user session key should be changed when a significant
amount of plaintext has been encrypted with it.
I am not saying that user-to-user keying shouldn't be allowed to thwart the
threat you mention. I am saying it isn't the only way to combat this threat
and therefore IPv6 implmentations should not be required to support it.
Dan