
ssh protocol
People have also suggested using the Photuris protocol that is part of
the IP Security work being done at IETF
(ftp://www.cnri.reston.va.us/internet-drafts/draft-ietf-ipsec-photuris-02.txt).

The basic idea behind the protocol goes roughly like this:
  1. Exchange session keys using Diffie-Hellman
  2. Each side sends a signature of the Diffie-Hellman exchange (the
     signature can be with any of a number of algorithms; RSA and
     Elliptic Curve systems have been defined).

If this were adapted to ssh, the protocol would look roughly like
this:
  1. Exchange session keys using Diffie-Hellman
  2. Each side sends a signature of the Diffie-Hellman exchange by its
     host key
  3. RSA and Rhosts authentication requests would include a signature
     by the requesting key.

This would get rid of the server key and the need to regenerate it,
because the Diffie-Hellman exchange already prevents decrypting old
conversations.  The challenge-dialogs could be avoided (unless they
are needed for performance reasons to avoid unnecessary signature
computations).

One could also eliminate RSA in future and start using some other
public key cryptosystem if desired.  The Diffie-Hellman patent and the
generic public key patent expire in 1997; the RSA patent does not
expire until about the year 2000.

Anyway, this would be a major change that probably cannot easily be
made compatibly.  Maybe an incompatible ssh-2.x?  Anyway, I don't want
to rush into making major changes in the protocol.

I would very much like to hear comments on this approach.

    Tatu
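The sketched ssh adaptation (Diffie-Hellman exchange, then each side signs the exchange with its own key), as an added example that is not part of the original message or of ssh itself. It uses toy, constructed parameters (a 14-bit safe-prime group and textbook RSA from 4-digit primes, no padding) purely to show the shape; the `tamper` hook shows why the signatures must cover the exchange: an attacker who substitutes the server's public value cannot produce a signature under the host key, so both sides reject the run.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only. Real deployments use
# multi-thousand-bit groups and keys; only the protocol shape is the point.
DH_P, DH_G = 10007, 2          # 10007 = 2*5003 + 1, so 2 has prime order 5003

def make_key(p, q, e=65537):
    """Return (n, e, d) for a textbook RSA key built from primes p and q."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

SERVER_HOST_KEY = make_key(10037, 10039)   # the server's host key (toy)
CLIENT_KEY = make_key(7907, 7919)          # the requesting key (toy)

def exchange_hash(key, e_pub, f_pub, shared):
    """Digest of the exchange (client value, server value, shared secret)
    that both sides must agree on, reduced mod n so the toy key can sign it."""
    data = f"{e_pub}|{f_pub}|{shared}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % key[0]

def sign(key, e_pub, f_pub, shared):
    n, _e, d = key
    return pow(exchange_hash(key, e_pub, f_pub, shared), d, n)

def verify(key, e_pub, f_pub, shared, sig):
    n, e, _d = key
    return pow(sig, e, n) == exchange_hash(key, e_pub, f_pub, shared)

def run_exchange(x=None, y=None, tamper=None):
    """One run of the sketched protocol. x, y are the private exponents
    (random if omitted); `tamper` replaces the server's public value on the
    wire. Returns (client_accepts, server_accepts, keys_agree)."""
    x = secrets.randbelow(DH_P - 2) + 1 if x is None else x
    y = secrets.randbelow(DH_P - 2) + 1 if y is None else y
    e_pub = pow(DH_G, x, DH_P)                    # client -> server: g^x
    f_pub = pow(DH_G, y, DH_P)                    # server -> client: g^y
    f_seen = tamper(f_pub) if tamper else f_pub   # what the client receives
    k_server = pow(e_pub, y, DH_P)                # server's view of the secret
    k_client = pow(f_seen, x, DH_P)               # client's view of the secret
    # Each side signs its own view of the exchange and checks the other's.
    sig_s = sign(SERVER_HOST_KEY, e_pub, f_pub, k_server)
    sig_c = sign(CLIENT_KEY, e_pub, f_seen, k_client)
    client_ok = verify(SERVER_HOST_KEY, e_pub, f_seen, k_client, sig_s)
    server_ok = verify(CLIENT_KEY, e_pub, f_pub, k_server, sig_c)
    return client_ok, server_ok, k_client == k_server

if __name__ == "__main__":
    print("honest run:", run_exchange())
    print("substituted g^z:", run_exchange(tamper=lambda _f: pow(DH_G, 4242, DH_P)))
```

The private exponents x and y live only for the duration of the run, which is the forward-secrecy property the message relies on to drop the regenerated server key.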