
*To*: "Khaja E. Ahmed" <khaja.ahmed@home.com>
*Subject*: Re: DH vs. RSA use for symmetric key exchange
*From*: Hugo Krawczyk <hugo@ee.technion.ac.il>
*Date*: Thu, 7 Dec 2000 13:23:40 +0200 (IST)
*cc*: ipsec list <ipsec@lists.tislabs.com>
*In-Reply-To*: <003001c05e1c$3e2fa920$e4570f18@plstn1.sfba.home.com>
*Sender*: owner-ipsec@lists.tislabs.com

Khaja, you make some valid points below. IKE could have accommodated a non-PFS (perfect forward secrecy) mode that would dispense with the cost of a DH exchange. A suggestion like that appeared once as an internet draft that is now expired. Such a mode would be useful in some situations, particularly those that do not require confidentiality but just authentication. However, the current high-priority goal is to streamline IKE such that implementation complexity is lowered and interoperability improved. In this state of affairs adding new modes is not productive.

Hugo

> Thanks again Sandy for the very useful pointers.
>
> I do wonder though...
>
> In a situation where one or both parties of a key exchange session has
> (have) an RSA public key certificate what is the advantage of using DH to
> exchange keys and then using RSA to authenticate the party? Why not do what
> happens in SSL / TLS? Use the RSA public key to exchange the symmetric key.
> Is one approach computationally more efficient than the other? Clearly IKE
> does not support use of RSA to do key exchange today. Is there a reason why
> this was not implemented / supported in IKE? Is this a useful thing to
> explore? Would there be any advantage to allowing / supporting both methods
> of exchanging keys?
>
> Khaja
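The property Hugo's reply turns on, perfect forward secrecy, is easiest to see by modelling the two designs Khaja compares and then leaking the server's long-term RSA key. The script below is an added illustration, not code from this thread, from IKE, or from any TLS implementation. It uses textbook RSA with a toy modulus built from two Mersenne primes and a 127-bit DH prime with generator 3; these parameters are constructed for the demonstration and are far too small for real use. "RSA transport" stands for the SSL/TLS-style exchange in which the client encrypts a premaster secret to the server's public key; "signed DH" stands for the IKE-style exchange in which both sides use fresh exponents and the server signs the DH values with its RSA key.

```python
"""Forward secrecy: RSA key transport (SSL/TLS-style) versus signed ephemeral DH (IKE-style).

Added example, not part of the original thread. All parameters are constructed toys:
two Mersenne primes as the RSA factors and a 127-bit DH prime. They are NOT secure sizes.
"""
import hashlib
import secrets

# --- constructed toy parameters (assumption: illustrative only) ---
DH_P = 2**127 - 1            # a prime (M127); real IKE uses the MODP groups from RFC 2409 / RFC 3526
DH_G = 3                     # 2 has tiny order modulo a Mersenne prime, so we use 3 for the toy group
RSA_P, RSA_Q = 2**61 - 1, 2**31 - 1   # toy primes; e = 65537 is coprime with (p-1)(q-1) for these
RSA_E = 65537


def rsa_keygen():
    """Return ((n, e), (n, d)) for the constructed toy primes."""
    n = RSA_P * RSA_Q
    phi = (RSA_P - 1) * (RSA_Q - 1)
    d = pow(RSA_E, -1, phi)  # modular inverse, Python 3.8+
    return (n, RSA_E), (n, d)


def rsa_encrypt(pub, m):
    """Textbook RSA (no padding): enough to show the key-recovery property of this toy."""
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def rsa_sign(priv, data: bytes) -> int:
    """Hash-then-exponentiate signature over the toy modulus."""
    n, d = priv
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)


def rsa_verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(sig, e, n) == h


def kdf(secret: int) -> bytes:
    """Derive a session key from the agreed secret."""
    return hashlib.sha256(secret.to_bytes((secret.bit_length() + 7) // 8 or 1, "big")).digest()


def rsa_transport_session(server_pub):
    """SSL/TLS-style: client picks the premaster secret and encrypts it to the server's
    long-term RSA key. Returns (what an eavesdropper records, the session key)."""
    premaster = secrets.randbelow(server_pub[0] - 2) + 2
    wire = {"enc_premaster": rsa_encrypt(server_pub, premaster)}
    return wire, kdf(premaster)


def signed_dh_session(server_priv, server_pub):
    """IKE-style: fresh DH exponents on both sides, server authenticates the DH values with
    its RSA key. The exponents are discarded once the key is derived."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    ga, gb = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    transcript = f"{ga}|{gb}".encode()
    sig = rsa_sign(server_priv, transcript)
    assert rsa_verify(server_pub, transcript, sig)      # client checks the server's identity
    shared = pow(gb, a, DH_P)
    assert shared == pow(ga, b, DH_P)                   # both sides agree on g^(ab)
    wire = {"g^a": ga, "g^b": gb, "sig": sig}
    del a, b                                            # ephemeral secrets never leave the session
    return wire, kdf(shared)


def attacker_recovers_rsa_transport(wire, leaked_priv):
    """Recorded ciphertext plus the later-leaked long-term key gives the old session key."""
    return kdf(rsa_decrypt(leaked_priv, wire["enc_premaster"]))


def attacker_recovers_signed_dh(wire, leaked_priv):
    """The transcript holds g^a and g^b; the leaked key only lets the attacker forge
    *future* signatures. Recovering g^(ab) from the record is the DH problem, which we
    model here as failure (None)."""
    return None


def demo():
    """Run one session of each kind, then leak the server's RSA private key."""
    pub, priv = rsa_keygen()
    wire_rsa, key_rsa = rsa_transport_session(pub)
    wire_dh, key_dh = signed_dh_session(priv, pub)
    return {
        "rsa_transport_broken": attacker_recovers_rsa_transport(wire_rsa, priv) == key_rsa,
        "signed_dh_broken": attacker_recovers_signed_dh(wire_dh, priv) == key_dh,
    }


if __name__ == "__main__":
    print(demo())
```

The cost Hugo mentions is visible in `signed_dh_session`: each side performs two modular exponentiations in the DH group on top of the signature operation, whereas RSA transport needs one encryption on the client and one decryption on the server. The trade is that in the transport design a single long-term key compromise exposes every recorded session, while in the signed-DH design it exposes none of them.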

