[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DH vs. RSA use for symmetric key exchange

Thank you sandy.  While we are on ignorance abatement:

1.) Can someone point me to either a discussion archive or other material on
man in the middle attacks on IKE?

2.) Anyone have a feel for what percentage of VPN ( or other IPsec)
deployment uses RSA public key Certificates for authentication?

Forgive me if I am asking "much answered" questions.  I am just getting into

Thank you.


----- Original Message -----
From: "Sandy Harris" <sandy@storm.ca>
To: "Khaja E. Ahmed" <khaja.ahmed@home.com>
Cc: <ipsec@lists.tislabs.com>
Sent: Friday, December 01, 2000 11:26 AM
Subject: Re: DH vs. RSA use for symmetric key exchange

> "Khaja E. Ahmed" wrote:
> >
> > Would anyone have some pointers on what percentage of the installed base
> > IPSEC capable routers _use_ RSA vs. DH for exchanging symmetric keys?
> The question is mis-phrased.
> IPSEC uses Diffie-Hellman key negotiation for all symmetric keys that are
> automatically created. The only case where DH is not used is manual mode,
> where keys are set by the administrators rather than negotiated.
> The DH exchange must be authenticated and there are several mechanisims
> for that authentication, including shared secrets, RSA signatures and
> forms of certificate.
> > A sub
> > goal of this question is to figure out what percentage of such devices
> > certificates.
> >
> > I would be grateful for any guesses, estimates or pointers to more info.
> IPSEC background info, lots of links:

Follow-Ups: References: