Re: DH vs. RSA use for symmetric key exchange
Thank you Sandy. While we are on ignorance abatement:
1.) Can someone point me to either a discussion archive or other material on
man in the middle attacks on IKE?
2.) Anyone have a feel for what percentage of VPN (or other IPsec)
deployment uses RSA public key Certificates for authentication?
Forgive me if I am asking "much answered" questions. I am just getting into
----- Original Message -----
From: "Sandy Harris" <firstname.lastname@example.org>
To: "Khaja E. Ahmed" <email@example.com>
Sent: Friday, December 01, 2000 11:26 AM
Subject: Re: DH vs. RSA use for symmetric key exchange
> "Khaja E. Ahmed" wrote:
> > Would anyone have some pointers on what percentage of the installed base
> > IPSEC capable routers _use_ RSA vs. DH for exchanging symmetric keys?
> The question is mis-phrased.
> IPSEC uses Diffie-Hellman key negotiation for all symmetric keys that are
> automatically created. The only case where DH is not used is manual mode,
> where keys are set by the administrators rather than negotiated.
> The DH exchange must be authenticated and there are several mechanisms
> for that authentication, including shared secrets, RSA signatures and
> forms of certificate.
> > A sub
> > goal of this question is to figure out what percentage of such devices
> > certificates.
> > I would be grateful for any guesses, estimates or pointers to more info.
> IPSEC background info, lots of links:
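
The point quoted above, that the DH exchange must be authenticated, shown as an added example that is not part of the original thread: each side sends an HMAC under a shared secret over both public values, so a substituted public value is rejected. The toy group (2^127 - 1, g = 3), the message layout and all function names are assumptions for illustration, not IKE's actual payloads.

```python
import hashlib
import hmac
import secrets

# Toy group, an assumption for illustration only: Mersenne prime 2^127 - 1, g = 3.
# Real IKE negotiates far larger standardized MODP groups.
P = 2**127 - 1
G = 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def auth_tag(psk, role, sent_pub, received_pub):
    # Bind the sender's role to both public values exactly as that side saw them.
    msg = b"|".join([role, str(sent_pub).encode(), str(received_pub).encode()])
    return hmac.new(psk, msg, hashlib.sha256).digest()

def peer_ok(psk, peer_role, peer_pub_seen, my_pub, tag):
    expected = auth_tag(psk, peer_role, peer_pub_seen, my_pub)
    return hmac.compare_digest(expected, tag)

def run_exchange(psk, substituted=False):
    """Return (initiator_accepts, responder_accepts, keys_match)."""
    i_priv, i_pub = dh_keypair()
    r_priv, r_pub = dh_keypair()
    i_sees, r_sees = r_pub, i_pub          # public values as received
    if substituted:
        # Constructed failure case: a party without the PSK replaced both
        # public values in transit with one of its own.
        sub_pub = i_pub
        while sub_pub in (i_pub, r_pub):
            _, sub_pub = dh_keypair()
        i_sees = r_sees = sub_pub
    i_tag = auth_tag(psk, b"I", i_pub, i_sees)
    r_tag = auth_tag(psk, b"R", r_pub, r_sees)
    i_accepts = peer_ok(psk, b"R", i_sees, i_pub, r_tag)
    r_accepts = peer_ok(psk, b"I", r_sees, r_pub, i_tag)
    keys_match = pow(i_sees, i_priv, P) == pow(r_sees, r_priv, P)
    return i_accepts, r_accepts, keys_match

if __name__ == "__main__":
    psk = secrets.token_bytes(32)
    print("clean exchange:      ", run_exchange(psk))
    print("substituted exchange:", run_exchange(psk, substituted=True))
```

Without the tag check, the substituted exchange would complete silently, with each side deriving its key from a public value its peer never sent.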