
Re: SOI QUESTIONS: 2.2 Perfect forward secrecy (PFS)



> 2.2 Perfect forward secrecy (PFS)
> 
> 2.2.A) JFK and IKEv2 can provide PFS as well as "imperfect forward
> secrecy" by trading off performance versus the level of PFS provided.
> The functionality provided is roughly identical.  Does anyone care
> about the details of how IKEv2 versus JFK provides this functionality?
> Should we just flip a coin?

I think the specs need to be clear about what the forward-secrecy
guarantees are.  In particular, in order to provide forward-secrecy
guarantees to the users of IPsec, SA keying material needs agreed-upon
"destroy-after" dates.

I believe this requires protocol-visible IPsec SA and DH exchange
keying material lifetimes.

I don't believe a separate DH exchange is needed for each SA; I'm
agnostic about whether a separate DH exponent key is required per
peer; i.e., I think the IKE vs JFK differences are immaterial for
this.

					- Bill
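The reply above argues that forward secrecy is only meaningful if the SA keying material carries an agreed-upon destroy-after time, that the lifetimes of both the IPsec SAs and the DH exchange must be protocol-visible, and that one DH exchange can feed several SAs. The following is an added example that is not part of the thread and is not code from any IKEv2 or JFK implementation: one ephemeral DH exchange whose exponent is erased as soon as the shared secret is computed, several SA keys derived from that secret, and a destroy-after time negotiated as the shorter of the two peers' proposed lifetimes so both sides delete the same material at the same moment. The DH group (`TOY_P`, `TOY_G`), the HKDF-style derivation and all function names (`negotiate_exchange`, `expire_keys`, `EphemeralDH`, `SAKey`) are assumptions made for the illustration, not anything the protocols specify.

```python
"""Added example: one ephemeral DH exchange feeding several SAs, each with a
negotiated destroy-after time. Hypothetical helper code, not from IKEv2/JFK."""
import hashlib
import hmac
import secrets
import time

# Constructed toy DH group, for illustration only (not a real IKE group,
# and far too small for actual use).
TOY_P = (1 << 127) - 1   # Mersenne prime M127
TOY_G = 2


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 expand step; each SA gets its own 'info' so keys differ.
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


class EphemeralDH:
    """Per-exchange DH exponent; erased as soon as the shared secret is derived."""

    def __init__(self):
        self._x = secrets.randbelow(TOY_P - 2) + 2      # exponent in [2, p-1]
        self.public = pow(TOY_G, self._x, TOY_P)

    def shared_secret(self, peer_public: int) -> bytes:
        # Reject degenerate peer values (0, 1, p-1) that would fix the secret.
        if not 1 < peer_public < TOY_P - 1:
            raise ValueError("invalid peer DH public value")
        z = pow(peer_public, self._x, TOY_P)
        self._x = None          # exponent gone: this exchange cannot be redone later
        return z.to_bytes(16, "big")

    @property
    def destroyed(self) -> bool:
        return self._x is None


class SAKey:
    """Keying material for one SA plus the destroy-after time both peers agreed on."""

    def __init__(self, spi: int, key: bytes, destroy_after: float):
        self.spi = spi
        self.key = bytearray(key)        # mutable so it can be overwritten in place
        self.destroy_after = destroy_after

    def destroy(self) -> None:
        for i in range(len(self.key)):
            self.key[i] = 0
        self.key = bytearray()

    @property
    def alive(self) -> bool:
        return len(self.key) > 0


def derive_sa_keys(shared, nonce_i, nonce_r, spis, destroy_after):
    # All SAs come from one DH secret; the SPI in 'info' keeps them distinct.
    prk = hkdf_extract(nonce_i + nonce_r, shared)
    return [SAKey(spi, hkdf_expand(prk, b"SA" + spi.to_bytes(4, "big"), 32), destroy_after)
            for spi in spis]


def negotiate_exchange(now, lifetime_i, lifetime_r, spis):
    """Both peers run a single DH exchange and derive every SA key from it.
    The destroy-after time is the shorter proposed lifetime, so the value is
    protocol-visible and identical on both sides."""
    nonce_i, nonce_r = secrets.token_bytes(16), secrets.token_bytes(16)
    dh_i, dh_r = EphemeralDH(), EphemeralDH()
    z_i = dh_i.shared_secret(dh_r.public)
    z_r = dh_r.shared_secret(dh_i.public)
    destroy_after = now + min(lifetime_i, lifetime_r)
    keys_i = derive_sa_keys(z_i, nonce_i, nonce_r, spis, destroy_after)
    keys_r = derive_sa_keys(z_r, nonce_i, nonce_r, spis, destroy_after)
    return dh_i, dh_r, keys_i, keys_r


def expire_keys(keys, now) -> int:
    """Zeroize every SA key whose destroy-after time has passed; return the count."""
    n = 0
    for k in keys:
        if k.alive and now >= k.destroy_after:
            k.destroy()
            n += 1
    return n


if __name__ == "__main__":
    t0 = time.time()
    dh_i, dh_r, ki, kr = negotiate_exchange(t0, 3600, 1800, [0x100, 0x101, 0x102])
    print("exponents erased:", dh_i.destroyed and dh_r.destroyed)
    print("keys agree:", [bytes(k.key) for k in ki] == [bytes(k.key) for k in kr])
    print("destroyed at t0+1800s:", expire_keys(ki, t0 + 1800))
```

The point the code makes is the one in the reply: the exponent is gone before the SAs are even in use, so the only thing a later compromise could yield is the SA material itself, and that material has an expiry both peers know and enforce. Whether the exponent is shared across peers or per peer does not change this structure.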