[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
forward secrecy: satisfying all parties
Ref: Your note of Thu, 14 Dec 1995 18:09:26 -0700 (attached)
Hilarie Orman writes:
>
> SKIP will probably be acceptable to some user communities. It's
> statelessness and resulting protocol simplicity are certainly pleasing.
> But, I don't think that the schism over the threat model is going to
> disappear through persuasion, so unless a third approach emerges, combining
> PFS and statelessness, I doubt that there will be a way to satisfy all
> parties.
>
I believe that there is such a way. I call it SKEME and its description
can be downloaded via the web or anonymous ftp from the addresses below.
It shows how to "upgrade" either Photuris or SKIP to provide
a full range of forward secrecy: from none to good to perfect,
and all in one compact protocol.
The complexity of implementation is comparable to Photuris but it can offer
as a well-defined subset the functionality and stateless-ness of SKIP
(in particular, see last paragraph in the "Concluding Remarks" section).
Retrieve it from:
http://www.research.ibm.com/xw-941f-skeme
ftp://software.watson.ibm.com/pub/security/
(the ftp link will not be operational until Monday)
Hugo