[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: DH vs. RSA use for symmetric key exchange

To: "'Khaja E. Ahmed'" <khaja.ahmed@home.com>, "'Hugo Krawczyk'" <hugo@ee.technion.ac.il>, "'ipsec list'" <ipsec@lists.tislabs.com>
Subject: RE: DH vs. RSA use for symmetric key exchange
From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>
Date: Thu, 7 Dec 2000 18:32:21 -0500
Importance: Normal
In-Reply-To: <01d601c0607d$d66efbb0$e4570f18@plstn1.sfba.home.com>
Reply-To: <andrew.krywaniuk@alcatel.com>
Sender: owner-ipsec@lists.tislabs.com

> I thought PFS has to do with not using material from (or related to) a
> previous key to generate each subsequent key.  Do we here use
> PFS to mean
> that the symmetric key should not only not be derived from a
> previous key
> but must not be encrypted with the same key as before?

As I pointed out in a thread a few months ago (see
http://www.vpnc.org/ietf-ipsec/mail-archive/msg01761.html), the meaning of
PFS has changed over the years.

The original PFS property (which ensures that stored traffic cannot be
decrypted if a private key is eventually compromised) is much more important
than the modern "QM PFS" property (which is a less secure optimization of
phase 1 rekeying).

Andrew
--------------------------------------
Beauty with out truth is insubstantial.
Truth without beauty is unbearable.

References:

Re: DH vs. RSA use for symmetric key exchange

From: "Khaja E. Ahmed" <khaja.ahmed@home.com>

Prev by Date: Re: DH vs. RSA use for symmetric key exchange
Next by Date: Re: DH vs. RSA use for symmetric key exchange
Prev by thread: Re: DH vs. RSA use for symmetric key exchange
Next by thread: Re: DH vs. RSA use for symmetric key exchange
Index(es):
- Main
- Thread