[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DH vs. RSA use for symmetric key exchange
In reading the first half of para 3 on page 6 of RFC.2409 I arrived at the
understanding that the ratio need _not_ be 1:1:1.
The para is below:
" With the use of ISAKMP phases, an implementation can accomplish very
fast keying when necessary. A single phase 1 negotiation may be used
for more than one phase 2 negotiation. Additionally a single phase 2
negotiation can request multiple Security Associations. With these
optimizations, an implementation can see less than one round trip per
SA as well as less than one DH exponentiation per SA. "
Did I misunderstand it?
Khaja
----- Original Message -----
From: "Bill Sommerfeld" <sommerfeld@East.Sun.COM>
To: "Khaja E. Ahmed" <khaja.ahmed@home.com>
Cc: "Hugo Krawczyk" <hugo@ee.technion.ac.il>; "ipsec list"
<ipsec@lists.tislabs.com>
Sent: Thursday, December 07, 2000 11:09 AM
Subject: Re: DH vs. RSA use for symmetric key exchange
> > Is PFS intended to cover the risk associated with an RSA private key
being
> > compromised? If so, I assume it would apply to DH keys as well if they
get
> > reused. An optimization in IKE ( I think ) is the ability to reuse DH
keys
> > to establish multiple SAs and generate multiple keys. Is there any
> > recommendation on how many SAs can be generated or for how long a DH key
can
> > be used?
>
> I've never previously seen a suggestion that IKE should use
> non-ephemeral DH keys, so it's fair to say, "one DH key, one (phase 1)
> SA" and "one DH key, one (phase 2 with pfs) SA".
>
> - Bill
>
Follow-Ups:
References: