
Re: DH vs. RSA use for symmetric key exchange

In reading the first half of para 3 on page 6 of RFC 2409 I arrived at the
understanding that the ratio need _not_ be 1:1:1.

The para is below:

  "  With the use of ISAKMP phases, an implementation can accomplish very
   fast keying when necessary.  A single phase 1 negotiation may be used
   for more than one phase 2 negotiation.  Additionally a single phase 2
   negotiation can request multiple Security Associations.  With these
   optimizations, an implementation can see less than one round trip per
   SA as well as less than one DH exponentiation per SA. "

Did I misunderstand it?


----- Original Message -----
From: "Bill Sommerfeld" <sommerfeld@East.Sun.COM>
To: "Khaja E. Ahmed" <khaja.ahmed@home.com>
Cc: "Hugo Krawczyk" <hugo@ee.technion.ac.il>; "ipsec list"
Sent: Thursday, December 07, 2000 11:09 AM
Subject: Re: DH vs. RSA use for symmetric key exchange

> > Is PFS intended to cover the risk associated with an RSA private key
> > compromised?  If so, I assume it would apply to DH keys as well if they
> > are reused.  An optimization in IKE (I think) is the ability to reuse DH
> > to establish multiple SAs and generate multiple keys.  Is there any
> > recommendation on how many SAs can be generated or for how long a DH key
> > can be used?
> I've never previously seen a suggestion that IKE should use
> non-ephemeral DH keys, so it's fair to say, "one DH key, one (phase 1)
> SA" and "one DH key, one (phase 2 with pfs) SA".
> - Bill
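To make the ratio in the quoted RFC paragraph concrete, here is a small Python model of the RFC 2409 keying rules: one phase 1 DH produces SKEYID_d, each quick mode derives KEYMAT per SPI from SKEYID_d, and with PFS one extra DH is done per quick mode (shared by every SA that quick mode negotiates). It is an added example, not code from this thread or from any IKE implementation. The DH group is a constructed toy (not an RFC 2409 MODP group), the prf is assumed to be HMAC-SHA256, and only the signature-authentication form of SKEYID is modelled; the counters, not the key sizes, are the point.

```python
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman group, used here only to count exchanges.
# It is NOT an IKE group; real IKE uses the MODP groups defined in RFC 2409.
P = 2**127 - 1
G = 3

PROTO_ESP = b"\x03"  # protocol identifier byte for ESP, as carried in the SA payload


def prf(key: bytes, data: bytes) -> bytes:
    """RFC 2409's prf is an HMAC keyed with the negotiated hash; SHA-256 assumed."""
    return hmac.new(key, data, hashlib.sha256).digest()


def int_to_bytes(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


def dh_exchange(counter: dict) -> bytes:
    """One DH exchange between initiator and responder; returns the shared g^xy."""
    xi = secrets.randbelow(P - 2) + 2
    xr = secrets.randbelow(P - 2) + 2
    gxi, gxr = pow(G, xi, P), pow(G, xr, P)        # public values sent in KE payloads
    shared_i, shared_r = pow(gxr, xi, P), pow(gxi, xr, P)
    assert shared_i == shared_r                     # both sides derive the same secret
    counter["dh"] += 1
    return int_to_bytes(shared_i)


def phase1(counter: dict) -> bytes:
    """Main mode with signature authentication: derive SKEYID_d (RFC 2409 section 5)."""
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    gxy = dh_exchange(counter)
    skeyid = prf(ni + nr, gxy)                             # SKEYID = prf(Ni_b | Nr_b, g^xy)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")  # prf(SKEYID, g^xy | CKY-I | CKY-R | 0)
    return skeyid_d


def quick_mode(skeyid_d: bytes, spis: list, pfs: bool, counter: dict) -> dict:
    """One phase 2 exchange negotiating one SA per SPI (RFC 2409 section 5.5)."""
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    # With PFS a fresh KE payload is exchanged once per quick mode, and its
    # g(qm)^xy feeds every SA negotiated in that exchange.
    g_qm = dh_exchange(counter) if pfs else b""
    keymat = {}
    for spi in spis:
        # KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
        keymat[spi] = prf(skeyid_d, g_qm + PROTO_ESP + spi + ni + nr)
    return keymat


def run(n_quick_modes: int, sas_per_quick_mode: int, pfs: bool) -> dict:
    """Count DH exchanges against SAs for one phase 1 SA reused by several quick modes."""
    counter = {"dh": 0}
    skeyid_d = phase1(counter)
    all_keymat = []
    for q in range(n_quick_modes):
        spis = [(q * sas_per_quick_mode + k + 1).to_bytes(4, "big")
                for k in range(sas_per_quick_mode)]
        all_keymat.extend(quick_mode(skeyid_d, spis, pfs, counter).values())
    sa_count = n_quick_modes * sas_per_quick_mode
    return {
        "sa_count": sa_count,
        "dh_exchanges": counter["dh"],
        "dh_per_sa": counter["dh"] / sa_count,
        "unique_keymat": len(set(all_keymat)),  # every SA still gets its own keys
    }


if __name__ == "__main__":
    for pfs in (False, True):
        print("pfs=%s: %s" % (pfs, run(4, 2, pfs)))
```

Without PFS, four quick modes of two SAs each cost one DH for eight SAs (0.125 DH per SA), and every KEYMAT depends only on SKEYID_d plus public nonces and SPIs, which is the exposure PFS is meant to remove. With PFS the same run costs five DH exchanges, and the per-SA ratio only drops below one because a single quick mode can carry several SAs on one g(qm)^xy.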
