[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Photuris changes

To: ipsec@ans.net
Subject: Photuris changes
From: "William Allen Simpson" <bsimpson@morningstar.com>
Date: Sun, 19 Nov 95 20:10:11 GMT

Over the past week, the authors have spent considerable time reviewing
the state of the current draft and the recent discussions.

We have concluded that certain "flexibility" features overly complicate
the implementation and have made cryptological verification difficult.

Therefore, the following changes will be made in the next draft:

 1) The TLV definition of Attributes will be moved from the Appendix to
    the Protocol Details "Attributes" section.  This is hoped to make it
    easier to scan for implementors (less page flipping).

    The three required Attributes descriptions will remain in the
    Appendix.  All other non-required Attributes have already been moved
    to a separate "Extensions" document.

 2) The optional moduli will be moved to the "Extensions" document.

    However, the example elliptic curve will remain, as it may encourage
    folks to experiment during the expected interminable "Extensions"
    document discussion.

 3) The "Privacy-Choice" is being removed.  Instead, each
    "Scheme-Choice" will specify exactly one privacy method.  All
    Identification_Messages will be protected.

    The required 1024-bit modulus and optional 155-bit elliptic curve
    will both use DES.

    The optional 2048-bit and 4096-bit moduli will use Triple DES.

 4) The "Key-Generator-Choice" is being removed.  Instead, each
    authentication or encryption method will specify exactly one key
    generator hashing function.

    The required MD5 will always use MD5 (big surprise).

    The required DES with 32 or 64 bit IVs will always use MD5.

 5) The "Validity-Choice" is being removed.  Instead, each
    "Scheme-Choice" will specify exactly one integrity method.  All
    Change_Messages will be protected.

    The required 1024-bit modulus and optional 155-bit elliptic curve
    will both use MD5.

Another suggestion was that a formal pair of FSAs be described for the
Initiator and Responder.  This has been determined to add many pages to
the draft.  Perhaps if it is still felt that it is needed at the Draft
Standard stage, we will undertake the effort at that time.

I expect to have a new draft ready by Tuesday.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2

Prev by Date: Photuris Long-Term Session-Keys
Next by Date: Re: Photuris Long-Term Session-Keys
Prev by thread: Photuris Long-Term Session-Keys
Next by thread: Photuris in Dallas.
Index(es):
- Main
- Thread