[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on draft 03 of SKIP

To: schneide@tik.ee.ethz.ch
Subject: Re: comments on draft 03 of SKIP
From: "Christian Schneider" <cschneid@amiga.icu.net.ch>
Date: Thu, 9 Nov 1995 14:42:51 +0100
Reply-To: skip-info@tik.ee.ethz.ch
Sender: cschneid@amiga.icu.net.ch

A comment on draft-ietf-ipsec-skip-04.txt concerning 1.3.1  Zero Message Master
key Update with Diffie-Hellman:
Why not remove this and use the scheme described in 1.3.2 (hashing Kij with n)
for Diffie-Hellman generated keys as well?
THIS WOULD BE HIGHLY DESIRABLE!

We started implementing draft 04 and ran into the following problem:
There is large number computation involved in generating Kijn for 1.3.1 and
there are (mainly) two ways to do it:
- Calc Kijn as you need it (which means 1. the key is not ready when you need
  it, no packet transmission is possible until the computation is finished and
  2. (_even worse_) you can't rely on having Kij(n-1) to get Kijn which may
  force you to exponentiate.
- Keep all entries up-to-date, i.e. calc Kij(n+1) _every hour for every
  entry you have_. Certainly better but still pretty stupid IMHO.

You even could see a possible problem with a denial-of-service attack if doing
1.3.1 since more (and as far as I can see unneccessary) large number
computation has to be done on a SKIP-host.

Always using the hashing mode to get Kijn would eliminate all troubles and I
don't see any security problem with this.

I think all current and future implementors would agree with me that the
removal of 1.3.1 is an improvement to SKIP :-)

- Chris
-- 
Chris Schneider - cschneid@amiga.icu.net.ch BIX: hschneider IRC: cschneid
         Computers are not intelligent.  They only think they are.

Prev by Date: Re: comments on draft 03 of SKIP
Next by Date: naming and terminology
Prev by thread: Re: comments on draft 03 of SKIP
Next by thread: Re: comments on draft 03 of SKIP
Index(es):
- Main
- Thread