Photuris Long-Term Session-Keys



In the past week, there was considerable private debate about combining
certain features of SKIP and Photuris.  In particular, SKIP long-term
state for saving "master" keys, when perfect forward secrecy is not
needed -- as in authentication-only applications, or "rapid fail-over"
[sic] surviving crashes of critical firewalls.

The current size of the Photuris SPI LifeTime is sufficient for weeks or
months of long-term storage (2**24-1 seconds is about half a year).

The SPI LifeTime is not related to the Photuris Exchange LifeTime.  That
is, the SPI session-key can be stored for long periods of time without
compromising other privacy uses of the same shared-secret.

Therefore, I will add a 5th "scenario", describing the possible storage
of Long LifeTime SPIs.  This should obviate the only "advantage" of SKIP.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
