Re: Some comments on JFK
I agree - The encryption algorithm(s) in use should be part of the protocol
specification. (Indeed, stream ciphers such as RC4 are not appropriate.)
BTW, forgot to mention - I agree with your assessment of what goes wrong if
the signature in message 4 in JFK is replaced with a MAC. This is exactly
why it is there.
Ran
> From ekr@rtfm.com Tue Dec 4 00:49:08 2001
>
> Ran Canetti <canetti@watson.ibm.com> writes:
> > * Regarding different keys for encryption by I and R. This is not really
> > necessary if you're using CBC with random IV, or any "decent" encryption
> > method. (And, yes, ECB mode is not really "decent" in this context.)
> It wouldn't be safe to use RC4, however. IMHO the protocol should either
> state what invariants are being assumed or should be constructed to be
> safe in the face of a weaker set of invariants.
>
> Cheers,
> -Ekr
>
> --
> [Eric Rescorla ekr@rtfm.com]
> http://www.rtfm.com/
>