[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Hugo tutors (Was: (IMPORTANT) ...)
> Date: Thu, 29 Feb 96 18:31:34 EST
> From: hugo@watson.ibm.com
> There is so much traffic in this list these days and I hate contributing
> more but this may interest other people in addition to Perry.
>
> Waiting 1-2 years is unrealistic for IETF proposals.
> However, I wish there was a more orderly scrutiny of security designs
> for IETF protocols by cryptographers.
>
> Photuris is a good example. It took me 6 drafts (from 03 to 09)
> to convince Simpson to derive *independent* key bits for keyed-MD5 and DES.
This is a patently false and misleading statement.
Since, until draft -09, AH and ESP always had different SPIs, they also
always had independently derived keys.
With the advent of the WG request this winter for the _complication_ of
having AH and ESP _share_ the same SPI, then the key schedule of ESP-DES
in Photuris was required to change.
A more _complicated_ design engendered a more _complicated_ keying
schedule. No surprise there; these requests seem to avalanche.
I find it personally insulting that Hugo claims to have to teach us
simple and practical cryptographic features.
I will leave it to the rest of you to decide whether he is on track
about other "cryptographic sins".
> cryptographic sins. I didn't see where is the cryptographic community
> that is inspecting this design.
I have in hand a quote from another cryptographic analyst:
"I am impressed with the thoroughness of the Photuris spec."
Thanks anyway....
WSimpson@UMich.edu
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2