
Re: An observation or two



At 13:15 7.1.96 -0800, you wrote:
>I will offer just a technical observation or two speaking only for myself.  
>
>ANY hybrid Diffie-Hellman scheme can provide Perfect Forward Secrecy.  
>Your mention of one-time pads was entirely extraneous.  Moreover, there 
>is a lot of experience with deployed systems indicating the Hybrid 
>Diffie-Hellman is not too expensive computationally or otherwise impractical.

By now I have recovered Diffie's paper, and done some more hunting for
literature. But sincerely I found no **definition** of the term 'perfect
forward secrecy', anywhere. Do you have a reference at hand, which
introduces this term? Otherwise I feel like defining it myself. And the
expression 'perfect' is a very dangerous one ;-) which really leads to OTPs. 
Certainly I agree with you, hybrid DH _is_ practical. It's just not a
perfect solution.

>Second, as near as I can tell, none of the current drafts meet _all_ of the
>WG requirements.  Hence, your misunderstanding that this is about SKIP
>(hint: the questions are NOT specific to SKIP) is not well founded.

Well, one learns ;-) I sometimes have the impression that the
non-progression of the different standards is not wholly due to
technical reasons. From an idealistic point of view (let's call it Secure
Internet) I want IPSEC to move on. I do not care if it moves into the
Photuris direction, Oakley, SKIP, or all of them at the same time, as long
as we finally get some progress. Compared to the initial WG schedule IPSEC
is about one year (or more?) late... Then naturally I have some personal
preferences, but I believe I need not elaborate on those ;->> -- and they
are not exactly relevant in the standardisation process.

I definitely have a problem with the working group requirements. They - let
me exaggerate - do NOT exist. What we have is a collage of emails and
proceedings, which contain partially colliding requirements. Also this
inexistent list has mutated more than once or twice. I fear most people that
'know' the WG requirements and talk about them on the mailing list, have
views of their own as to what these requirements are. I would really enjoy
seeing a list, perhaps even stating which draft satisfies which
requirements. Naturally this is no easy task, and as I am not even able to
bring out a little transform (sigh) draft in time, I will not volunteer to do
this.


Well, sorry for this rather longish mail, perhaps I will now sleep better.


Talk to you soon,

        Germano