[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comments on Photuris
Hugo,
>> Suppose I add a rule to Photuris that says you should use an existing
>> SAID whenever possible to encrypt the exchanges that create a new
>> SAID. Would this give you some of the same sort of protection against
>> partial compromises that you get with explicit key refreshment?
>If I understand correctly, what you mean is basically having two
>(simultaneous) ways to authenticate a key exchange. One is using
Actually, I wasn't thinking about authentication so much as I was
looking for a cheap way to harden the protocol against passive
eavesdropping. This is still by far the easiest attack to mount on a
large scale -- just ask NSA. Yes, an active attacker can still come
along and pretend to be a correspondent who has lost state, but this
is not only a lot harder to do, it greatly increases the chance of
being detected.
Phil