Re: SOI QUESTIONS: 2.3 Perfect forward secrecy (PFS)

[Ari Huttunen <Ari.Huttunen@f-secure.com>]

Paul Koning wrote:
> 
> Excerpt of message (sent 20 June 2002) by Michael Richardson:
> >     Tylor> Many customers have deployed with pre-shared key authentication
> >     Tylor> ... will
> >     Tylor> these customers roll to IKEv2 if this authentication is not
> >     Tylor> supported?
> >     Tylor> What is their migration path?
> >
> >   They migrate from distributing opaque blobs of hex digits that must be
> > kept private to distributing opaque blobs of base64 digits that do not
> > benefit from staying private, but it doesn't hurt them either.
> >
> >   Can they tell the difference? The length is a bit longer.
> 
> A LOT longer.  Long enough that -- unlike preshared keys -- you cannot
> enter them manually.

Why not just make a hash of the public key of the peer and compare it with the hash
that's defined by the user? (The probability of generating two PK key pairs
with public keys that hash to the same value must be low? Maybe you could even 
get along by reducing the hash length?) 
Of course SOI will need to send the public key on-the-wire for this to work.

Ari


-- 

Ari Huttunen                   phone: +358 9 2520 0700
Software Architect             fax  : +358 9 2520 5001

F-Secure Corporation       http://www.F-Secure.com 

F(ully)-Secure products: Securing the Mobile Enterprise