
Re: SOI: identity protection and DOS





> To play devil's advocate, you can (relatively-) easily share a
> secret via voice and telephone.  Sharing a public key via telephone
> is much more challenging.
>
> OTOH, one could send the public key via email and then vocally
> exchange a hash of the key, so I suppose it's six or one-half
> dozen....

even better: exchange the hash via phone and send the key during protocol.
why it's better? if we have systems that use shared secrets for
authentication and procedures for exchanging those keys we can keep those
systems and simply replace "shared secret" with "hash of the public key".
(i'm talking from managemental perspective of course). "shared secret" and
"hash of the public key" look very much the same when we are talking about
secure shared secrets (long enough and random enough). this way we have a
kind of upgrade path for those systems that are currently using shared
secrets for authentication and would like to switch over to new key
exchange protocol.

arne
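
The check described in the message above, as an added example that is not part of the original post: the per-peer slot that used to hold a shared secret holds the hash of the peer's public key, and the key received in-protocol is accepted only if it hashes to that value. SHA-256, the function names, `PEER_CONFIG` and the sample key bytes are assumptions made for the illustration.

```python
import hashlib
import hmac

HEX_LEN = 64  # full SHA-256 digest in hex; truncated fingerprints are refused

def fingerprint(pubkey: bytes) -> str:
    """Hash the encoded public key and group it for reading over the phone."""
    digest = hashlib.sha256(pubkey).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, HEX_LEN, 4))

def parse_fingerprint(text: str) -> bytes:
    """Turn what the operator typed into digest bytes, ignoring separators."""
    cleaned = text.translate(str.maketrans("", "", " :-")).lower()
    if len(cleaned) != HEX_LEN or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("fingerprint must be 64 hex digits")
    return bytes.fromhex(cleaned)

def accept_peer_key(received_key: bytes, configured_fp: str) -> bool:
    """True only if the key sent in-protocol matches the out-of-band hash."""
    expected = parse_fingerprint(configured_fp)
    actual = hashlib.sha256(received_key).digest()
    # Constant-time compare, the same way a shared secret would be checked.
    return hmac.compare_digest(expected, actual)

# Constructed stand-ins for two encoded public keys (not real key material).
SAMPLE_KEY = bytes(range(32))
OTHER_KEY = bytes(range(1, 33))

# The per-peer slot that used to hold a shared secret now holds the hash.
PEER_CONFIG = {"peer-b": fingerprint(SAMPLE_KEY)}

if __name__ == "__main__":
    print("read over the phone:", PEER_CONFIG["peer-b"])
    print("genuine key accepted:", accept_peer_key(SAMPLE_KEY, PEER_CONFIG["peer-b"]))
    print("substituted key accepted:", accept_peer_key(OTHER_KEY, PEER_CONFIG["peer-b"]))
```
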



