
Re: DH vs. RSA use for symmetric key exchange



"Khaja E. Ahmed" wrote:
> 
> Would anyone have some pointers on what percentage of the installed base of
> IPSEC capable routers _use_ RSA vs. DH for exchanging symmetric keys?

The question is mis-phrased.

IPSEC uses Diffie-Hellman key negotiation for all symmetric keys that are
automatically created. The only case where DH is not used is manual mode,
where keys are set by the administrators rather than negotiated.

The DH exchange must be authenticated and there are several mechanisms
for that authentication, including shared secrets, RSA signatures and various
forms of certificate.

> A sub
> goal of this question is to figure out what percentage of such devices use
> certificates.
> 
> I would be grateful for any guesses, estimates or pointers to more info.

IPSEC background info, lots of links:
http://www.freeswan.org/freeswan_trees/freeswan-1.5/doc/links.ipsec.html#protocols
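
Why the DH exchange has to be authenticated, as an added example that is not part of the original message: a simplified model (not IKE itself) in which both sides tag the DH transcript with an HMAC under a shared secret, so a substituted public value is detected. The toy group, the function names and the role labels are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy group (constructed for illustration): far too small for real use.
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    # Derive a symmetric key from the DH shared secret.
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def auth_tag(psk, role, init_pub, resp_pub):
    # MAC over the role and both public values as this party saw them.
    msg = role + init_pub.to_bytes(16, "big") + resp_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def run_exchange(psk, intercept=False):
    """Return (initiator_accepts, responder_accepts, keys_match)."""
    a_priv, a_pub = keypair()          # initiator
    b_priv, b_pub = keypair()          # responder
    seen_by_b, seen_by_a = a_pub, b_pub
    if intercept:
        # An on-path party without the shared secret swaps in its own value.
        _, m_pub = keypair()
        seen_by_b = seen_by_a = m_pub
    # Each side tags the transcript it saw; tags are relayed unmodified
    # because they cannot be forged without the shared secret.
    tag_b = auth_tag(psk, b"R", seen_by_b, b_pub)
    tag_a = auth_tag(psk, b"I", a_pub, seen_by_a)
    a_ok = hmac.compare_digest(tag_b, auth_tag(psk, b"R", a_pub, seen_by_a))
    b_ok = hmac.compare_digest(tag_a, auth_tag(psk, b"I", seen_by_b, b_pub))
    keys_match = shared_key(a_priv, seen_by_a) == shared_key(b_priv, seen_by_b)
    return a_ok, b_ok, keys_match

if __name__ == "__main__":
    psk = b"constructed-shared-secret"
    print("clean exchange:   ", run_exchange(psk))
    print("substituted value:", run_exchange(psk, intercept=True))
```

Without the tags, neither side in the second run would have any signal that the public value it received did not come from its peer.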

