Re: forward secrecy
At 08:57 PM 12/15/95 -0500, Perry E. Metzger wrote:
>
>I'd like to note, as I periodically do, that SKIP is in no way
>actually stateless. That's just marketing hype by Ashar. In order to
>use a SKIP datagram in any real system you are going to have to get
>keys from a keyserver, thus almost completely obviating the claimed
>advantages of SKIP.
This is *not* true for any real system. Just for a (certainly very large)
part of systems. By the way, could you please explain to me why using
a key server introduces state?
>You can, of course, operate SKIP with statically configured keys --
>but in that case why not just run ESP and AH with statically
>configured keys and get rid of the overhead?
Even in this somewhat degenerated scenario SKIP still supports multiple
name spaces, and allows for traffic keys and a (currently *very* coarse)
playback protection. Native AH/ESP does not give you that.
Friendly greetings,
Germano