Re: SOI: preshared
On Mon, 19 Nov 2001, Michael Thomas wrote:
> The consequence of using naked public keys in lieu
> of symmetric keys is that you incur the cost of
> both a DH and a RSA operation...

Correct. That's the same overhead as experienced with certificates, etc.,
so if it is acceptable for large-scale high-volume use, it should be okay
for a fallback mode intended for more limited applications.

> You could
> conceivably get rid of the DH if you don't care
> about identity, but for preshared keys it seems
> questionable why you'd want to do _either_.

Today's preshared keys are for authentication, not encryption, so the DH
step is not optional -- they often are things like English phrases, which
may be okay for authentication but definitely do not provide encryption
strong enough to adequately protect session-key exchanges.

A proposal for an ultra-low-overhead IKE authentication mode, using strong
preshared keys to eliminate the DH step as well, is a separate issue from
whether we should retain the existing preshared-key mode (which does not
fit that description).

Henry Spencer
henry@spsystems.net