
Re: forward secrecy




Germano Caronni writes:
> At 08:57 PM 12/15/95 -0500, Perry E. Metzger wrote:
> >I'd like to note, as I periodically do, that SKIP is in no way
> >actually stateless. That's just marketing hype by Ashar. In order to
> >use a SKIP datagram in any real system you are going to have to get
> >keys from a keyserver, thus almost completely obviating the claimed
> >advantages of SKIP.
> 
> This is *not* true for any real system. Just for a (certainly very large)
> part of systems.

Yes, you are correct. I'm sure that a tiny fraction of systems will
be happy with manual keying, in which case why not use ESP/AH?

> By the way, could you please explain to me, why using a key server
> introduces state?

Who cares if it induces state? It induces all the delays that the
claimed "statelessness" of SKIP supposedly avoids. I don't care about
semantic debates. The fact remains that if you use SKIP in the real
world, you don't have a system where you just fire a packet and it can
be received and decoded at once -- the destination must look up the
keys, which involves network round trips. Once the keys are in place,
the delay goes away -- same as with Photuris, of course.

I again ask people -- what is the point of SKIP if it costs you
perfect forward secrecy and lots of other things and buys you nothing
at all? All the claimed benefits are marketing hype -- there is no
substance to them. SKIP has not a single advantage and lots of
disadvantages.

> >You can, of course, operate SKIP with statically configured keys --
> >but in that case why not just run ESP and AH with statically
> >configured keys and get rid of the overhead?
> 
> Even in this somewhat degenerated scenario SKIP still supports multiple
> name spaces,

So do ESP/AH -- they are multiple SAIDs, which your implementation of
ESP/AH doesn't support, I will note, thus making it non-conformant.

Perry

