
Re: SOI QUESTIONS: 2.3 Perfect forward secrecy (PFS)



On Thu, 20 Jun 2002, Tylor Allison wrote:
> ...Without
> a clear and concise mandate from this WG on the minimum requirements for
> PK/PKI, there will be interoperability problems...

Yes, and this is a problem... why, exactly?  This just means that such a
solution must include such a clear and concise specification of how to
proceed.  That doesn't seem contrary to the laws of physics; surely it can
be done. 

> ...The same really can't be said for pre-shared keys...
> they are simple, straight-forward, and almost guaranteed to interoperate
> between any two vendors.  Why throw it away?

Because there is a price, one that may not be worth paying.

I would be happier about adding/retaining a second authentication scheme
if it paid for itself in some other way too, e.g. the suggestion that a
well-designed shared-secret authentication scheme could also handle most
of the legacy-authentication problem.

                                                          Henry Spencer
                                                       henry@spsystems.net