[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

forward secrecy: satisfying all parties

To: ho@cs.arizona.edu, ashar@osmosys.incog.com
Subject: forward secrecy: satisfying all parties
From: hugo@watson.ibm.com
Date: Fri, 15 Dec 95 14:33:38 EST
Cc: ipsec@ans.net

Ref:  Your note of Thu, 14 Dec 1995 18:09:26 -0700 (attached)

Hilarie Orman writes:
 >
 > SKIP will probably be acceptable to some user communities.  It's
 > statelessness and resulting protocol simplicity are certainly pleasing.
 > But, I don't think that the schism over the threat model is going to
 > disappear through persuasion, so unless a third approach emerges, combining
 > PFS and statelessness, I doubt that there will be a way to satisfy all
 > parties.
 >

I believe that there is such a way. I call it SKEME and its description
can be downloaded via the web or anonymous ftp from the addresses below.
It shows how to "upgrade" either Photuris or SKIP to provide
a full range of forward secrecy: from none to good to perfect,
and all in one compact protocol.

The complexity of implementation is comparable to Photuris but it can offer
as a well-defined subset the functionality and stateless-ness of SKIP
(in particular, see last paragraph in the "Concluding Remarks" section).

Retrieve it from:

     http://www.research.ibm.com/xw-941f-skeme
     ftp://software.watson.ibm.com/pub/security/

(the ftp link will not be operational until Monday)

Hugo

Prev by Date: Re: forward secrecy
Next by Date: Re: forward secrecy
Prev by thread: Re: forward secrecy
Next by thread: CFP: Special issue on ATM SWITCHING
Index(es):
- Main
- Thread