[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Definition of PFS...

To: "'Hilarie Orman'" <HORMAN@novell.com>, andrew.krywaniuk@alcatel.com, ipsec@lists.tislabs.com
Subject: RE: Definition of PFS...
From: "Mason, David" <David_Mason@nai.com>
Date: Fri, 13 Oct 2000 12:10:35 -0700
Sender: owner-ipsec@lists.tislabs.com

Are you saying that a 768-bit MODP DH would be useful (and make sense
security wise cryptographically) in QM even though the IPsec cipher
negotiated has a large key?  Would using a 1536-bit (or larger) DH generally
be a waste of computational resources for the QM DH (in what cases
would/would not a 768-bit DH suffice)?  The way IPsec keys are currently
generated in IKE I would think that you would want to either always do a QM
DH or never do a QM DH (periodically doing them only helps that specific
exchange - should son-of-ike consider folding the QM g^xy back into SKEYID_d
somehow so that periodic QM DH has value beyond the specific exchange -
although simultaneous QMs would make this problematic?).

-dave

-----Original Message-----
From: Hilarie Orman [mailto:HORMAN@novell.com]
Sent: Friday, October 13, 2000 2:04 PM
To: andrew.krywaniuk@alcatel.com; ipsec@lists.tislabs.com
Subject: Re: Definition of PFS...


The point of ephemeral Diffie-Hellman in QM is to get independent keying
material (PFS) without repetition of authentication.  The assumption is that
this will be done periodically and should be as inexpensive as possible.

Hilarie

Follow-Ups:

Re: Definition of PFS...

From: Ari Huttunen <Ari.Huttunen@F-Secure.com>

Prev by Date: RE: Definition of PFS...
Next by Date: Re: charter question re IKE changes
Prev by thread: Re: Definition of PFS...
Next by thread: Re: Definition of PFS...
Index(es):
- Main
- Thread