Re: ESP Unix encrypted session protocol software



On Mon, 30 Jan 1995, Matt Blaze wrote:

> And if you had a trusted secure key
> store on the remote host, you wouldn't really need to use Diffie-Hellman
> to establish the session key in the first place, since you could just
> store each user's pre-established session key in advance.

Right - using DH exchange is probably appropriate in situations where
there are no pre-established credentials for the party on the other
machine.  Inter-domain authentication, while possible in theory, is not
often carried out to any great extent in reality.  Companies don't trust
each other, or at least are not concerned by this lack of security for
inter-domain communications. 

-Thomas