
"interactive" freshness



I hate to contradict Hugo when he is actually agreeing with me (what a
rare circumstance), but he hasn't analysed the interaction correctly.


> From: hugo@watson.ibm.com
> Photuris hints to a way to do this but not in a satisfactory way.
> The implementation note in page 25 (Photuris.07) implies that an
> interactive key refreshment happens when the parties maintain their
> exchange-values unchanged. However, as far as I understand it,
> in this case only the initiator provides fresh information to the exchange
> via the SPI and Cookie (I believe that the intention of the text here is
> that the responder's cookie is unchanged in this case).
>
That is correct.

As he has noticed, the Initiator changes the Cookie on each Exchange.
This provides some very good "freshness".


> allow the parties to send fresh nonces as the "exchange-values".
> In this case, all the advantages of interactive refreshment as pointed out
> above hold.
>
They do!  Note that they also exchange a "fresh" SPI -- a nice random
number that is _guaranteed_ not to be the same as a previous SPI (in
that same direction) -- that also is included in the session-key.


> Let's not miss this opportunity to take full advantage of Photuris being
> "bi-directional" by definition.
>
We didn't....  But glad you agree!

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
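The point argued above is that even when both parties keep their exchange-values (and so the Diffie-Hellman shared secret) unchanged, the exchange is still fresh because the Initiator's Cookie changes every time and both sides contribute a new SPI that is folded into the session key. The following is an added illustration of that argument, not code from the thread and not the actual Photuris key derivation: the hash-based `derive_session_key`, the 16-byte cookie size and the `SpiAllocator` model are assumptions chosen to make the property visible.

```python
"""Added example (not from the original thread or the Photuris specification):
why fresh per-exchange values (Initiator Cookie, both SPIs) give a fresh
session key even when the Diffie-Hellman exchange-values are reused.
The key-derivation function and the SPI allocator are illustrative assumptions."""
import hashlib
import os


def derive_session_key(shared_secret: bytes, init_cookie: bytes, resp_cookie: bytes,
                       spi_init: bytes, spi_resp: bytes) -> bytes:
    # Illustrative KDF (assumption): length-prefix every input so two different
    # splits of the same byte string cannot collide, then hash all of them.
    h = hashlib.sha256()
    for part in (shared_secret, init_cookie, resp_cookie, spi_init, spi_resp):
        h.update(len(part).to_bytes(2, "big"))
        h.update(part)
    return h.digest()


class SpiAllocator:
    """Hands out random 32-bit SPIs for one direction and never repeats one
    within its lifetime: a model of the 'guaranteed not the same as a previous
    SPI in that direction' property (assumption, not the spec's algorithm)."""

    def __init__(self, rng=os.urandom):
        self._used = set()
        self._rng = rng  # injectable for testing; defaults to os.urandom

    def allocate(self) -> bytes:
        while True:
            spi = self._rng(4)
            # Skip the all-zero value and anything already handed out.
            if spi != b"\x00\x00\x00\x00" and spi not in self._used:
                self._used.add(spi)
                return spi


def refresh_keys(shared_secret: bytes, resp_cookie: bytes, rounds: int,
                 init_spis: SpiAllocator, resp_spis: SpiAllocator) -> list:
    """Simulate `rounds` interactive refreshes with the exchange-values (hence
    the shared secret) and the Responder's Cookie unchanged. Only the
    Initiator's Cookie and the two SPIs are fresh on each exchange."""
    keys = []
    for _ in range(rounds):
        init_cookie = os.urandom(16)  # constructed: fresh cookie per exchange
        keys.append(derive_session_key(shared_secret, init_cookie, resp_cookie,
                                       init_spis.allocate(), resp_spis.allocate()))
    return keys


def all_distinct(keys) -> bool:
    """True when no session key in the list repeats."""
    return len(set(keys)) == len(keys)


if __name__ == "__main__":
    secret = os.urandom(32)        # constructed stand-in for the DH shared secret
    resp_cookie = os.urandom(16)   # constructed: Responder keeps its cookie
    keys = refresh_keys(secret, resp_cookie, 5, SpiAllocator(), SpiAllocator())
    print("5 refreshes, all session keys distinct:", all_distinct(keys))
    # With no fresh input from either side, the key simply repeats.
    same = derive_session_key(secret, b"c" * 16, resp_cookie, b"\x00\x00\x00\x01", b"\x00\x00\x00\x02")
    again = derive_session_key(secret, b"c" * 16, resp_cookie, b"\x00\x00\x00\x01", b"\x00\x00\x00\x02")
    print("no fresh values -> identical key:", same == again)
```

Running the script shows the two sides of the argument: five refreshes over the same shared secret produce five different session keys, while a derivation that reuses every input reproduces the same key, which is exactly the situation the fresh Cookie and SPIs are there to prevent.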