Re: DH vs. RSA use for symmetric key exchange
Thank you, Sandy. While we are on ignorance abatement:
1.) Can someone point me to either a discussion archive or other material on
man in the middle attacks on IKE?
2.) Anyone have a feel for what percentage of VPN (or other IPsec)
deployment uses RSA public key Certificates for authentication?
Forgive me if I am asking "much answered" questions. I am just getting into
IPsec.
Thank you.
Khaja
----- Original Message -----
From: "Sandy Harris" <sandy@storm.ca>
To: "Khaja E. Ahmed" <khaja.ahmed@home.com>
Cc: <ipsec@lists.tislabs.com>
Sent: Friday, December 01, 2000 11:26 AM
Subject: Re: DH vs. RSA use for symmetric key exchange
> "Khaja E. Ahmed" wrote:
> >
> > Would anyone have some pointers on what percentage of the installed base of
> > IPSEC capable routers _use_ RSA vs. DH for exchanging symmetric keys?
>
> The question is mis-phrased.
>
> IPSEC uses Diffie-Hellman key negotiation for all symmetric keys that are
> automatically created. The only case where DH is not used is manual mode,
> where keys are set by the administrators rather than negotiated.
>
> The DH exchange must be authenticated and there are several mechanisms
> for that authentication, including shared secrets, RSA signatures and various
> forms of certificate.
>
> > A sub goal of this question is to figure out what percentage of such devices use
> > certificates.
> >
> > I would be grateful for any guesses, estimates or pointers to more info.
>
> IPSEC background info, lots of links:
>
> http://www.freeswan.org/freeswan_trees/freeswan-1.5/doc/links.ipsec.html#protocols