Re: SOI QUESTIONS: 2.3 Perfect forward secrecy (PFS)



On Thu, 20 Jun 2002, Michael Richardson wrote:

> >>>>> "Paul" == Paul Koning <pkoning@equallogic.com> writes:
>     >> They migrate from distributing opaque blobs of hex digits that must be
>     >> kept private to distributing opaque blobs of base64 digits that do not
>     >> benefit from staying private, but it doesn't hurt them either.
>     >>
>     >> Can they tell the difference? The length is a bit longer.
>
>     Paul> A LOT longer.  Long enough that -- unlike preshared keys -- you
>     Paul> cannot enter them manually.
>
>   Not compared to a decent shared secret. If you want to do passwords, fine.
> However, since they do not need to be kept secret, you can cut and paste.
> For the client system, typing stuff in is not the end of the world. Here is
> a 1024 bit public key:
>
>         AwEAAZ7PeJWDMO69GjPbXWaN0UnHnNj3lANETIAtluJbpLfVeVpRubsYTru4kYxU
>         K999Ga/23/Aw7mZrI+wQ3uhF36Tuxw76ls3FsgJuWxqdzLxlZxM8r/lXNGUftLPk
>         fxbTwXgsfKcqhJCfraPLFH0QhCRVN56EW3Y91YCIMMyRAHbR
>
> I wouldn't want to do that every day, but it is doable. Babble format
> would do an even better job.
>
>     Paul> True.  But PK, even if all you ever use is selfsigned certs, still
>     Paul> needs a lot more near-incomprehensible concepts than preshared keys
>     Paul> do.
>
> Only if you write a poor interface.

But that's the point... it's very possible to design a bad interface for
handling public keys (and innumerable ways to design a good one).  Without
a clear and concise mandate from this WG on the minimum requirements for
PK/PKI, there will be interoperability problems (NOTE: this is not a
bits-on-the-wire issue but a deployment issue).... IKEv1 should serve as
an example for that!  The same really can't be said for pre-shared keys...
they are simple, straight-forward, and almost guaranteed to interoperate
between any two vendors.  Why throw it away?

> ]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
> ]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
> ] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

=====================================================================
= Tylor Allison         Secure Computing Corporation        =========
=====================================================================
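
Added example, not part of the original thread: a small parser for the base64 key blob quoted above, showing what a user would actually be typing (a public exponent, a modulus, and how many characters). It assumes the blob follows the RFC 3110 RSA public key layout (exponent length, exponent, modulus), which the thread itself does not name; `parse_rsa_blob` and `QUOTED_KEY` are hypothetical names.

```python
import base64

# Key blob as quoted in the message above, with whitespace removed.
QUOTED_KEY = (
    "AwEAAZ7PeJWDMO69GjPbXWaN0UnHnNj3lANETIAtluJbpLfVeVpRubsYTru4kYxU"
    "K999Ga/23/Aw7mZrI+wQ3uhF36Tuxw76ls3FsgJuWxqdzLxlZxM8r/lXNGUftLPk"
    "fxbTwXgsfKcqhJCfraPLFH0QhCRVN56EW3Y91YCIMMyRAHbR"
)


def parse_rsa_blob(b64_text):
    """Decode an RSA key blob laid out as: exponent length, exponent, modulus.

    Assumption: RFC 3110 layout; the thread does not state the format.
    Returns (exponent, modulus, modulus_bits, typed_chars).
    """
    compact = "".join(b64_text.split())  # tolerate pasted line breaks
    try:
        raw = base64.b64decode(compact, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("not valid base64") from exc
    if len(raw) < 3:
        raise ValueError("blob too short")
    # Length is one octet, or 0x00 followed by a two-octet length.
    if raw[0] != 0:
        exp_len, offset = raw[0], 1
    else:
        exp_len, offset = int.from_bytes(raw[1:3], "big"), 3
    exponent_bytes = raw[offset:offset + exp_len]
    modulus_bytes = raw[offset + exp_len:]
    if exp_len == 0 or len(exponent_bytes) != exp_len or not modulus_bytes:
        raise ValueError("truncated key blob")
    exponent = int.from_bytes(exponent_bytes, "big")
    modulus = int.from_bytes(modulus_bytes, "big")
    # An RSA modulus and public exponent are both odd; an even value
    # means the blob was damaged in transcription.
    if modulus % 2 == 0 or exponent % 2 == 0:
        raise ValueError("even modulus or exponent: corrupted blob")
    return exponent, modulus, modulus.bit_length(), len(compact)


if __name__ == "__main__":
    e, n, bits, chars = parse_rsa_blob(QUOTED_KEY)
    print(f"exponent={e} modulus_bits={bits} characters_to_type={chars}")
```

A single mistyped character that is still in the base64 alphabet decodes without error and yields a different key, so structural checks like these catch truncation and gross damage only.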