[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ESP Unix encrypted session protocol software

To: "Perry E. Metzger" <[email protected]>
Subject: Re: ESP Unix encrypted session protocol software
From: Alan Barrett <[email protected]>
Date: Tue, 31 Jan 1995 09:54:42 +0200 (GMT+0200)
Cc: [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

> > Right - using DH exchange is probably appropriate in situations where
> > there is no pre-established credentials for the party on the other
> > machine.
> 
> D-H also provides perfect forward secrecy, which is a reason to use it
> even if there is already an established set of credentials.

How about public-key signing the D-H exchange?  Public key to eliminate[*]
the man-in-the-middle attack, and D-H for forward secrecy.

* Almost eliminate.  A sufficiently powerful man in the middle could 
  conceivably subvert the public keys.

--apb (Alan Barrett)

References:
- Re: ESP Unix encrypted session protocol software
  - From: "Perry E. Metzger" <[email protected]>

Prev by Date: RE: "bad" government
Next by Date: The RSA FAQ on http://www.catalog.com/jamesd/rsafaq.html
Prev by thread: Re: ESP Unix encrypted session protocol software
Next by thread: Re: ESP Unix encrypted session protocol software
Index(es):
- Date
- Thread