[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG Last Call for SKIP I-D




Ashar Aziz writes:
> We have been discussing this, and there is a PFS solution
> possible for SKIP, that I believe will satisfy a large percentage 
> of users.
> 
> The solution is to let the certified DH public key be instead
> a set of certified DH public keys, each of which have shorter 
> validity than a typical certificate, say one or two weeks.

Yuck. What a kludge! Whats the point, anyway? I mean, yes, it does
improve things a little bit, but its not like people don't still then
get months and months and months to try to snatch the keys, and
besides, there still aren't any demonstrable good parts to SKIP that
make it important enough to hang this sort of bag on it in order to
very marginally improve the secrecy. I mean, really, what does SKIP
give you? At best, it lets you substitute a lookup in a key database
with your initial Photuris exchange, and at the cost of losing Perfect
Forward Secrecy (what you are proposing isn't Perfect Forward Secrecy,
its just Slightly Improved Forward Secrecy).

> A short while after each public key expires, the corresponding
> private key is deleted.

So what? How do you know no copies exist? And, if someone breaks the
key, you lose not just one conversation but many.

In any case, as I've said, after all this time, I still don't see what
SKIP buys me.

Perry


References: