I've recently been asked to comment on a key exchange protocol which uses symmetric cryptography and a mutually trusted third party. The obvious recommendation is to copy the Kerberos protocol (perhaps with updated cryptographic primitives), but let's assume that's not feasible for some reason.
I'm wondering what's the state of the art here, and if there are any formal methods for deciding if a particular protocol has certain security properties. I know that there have been some advances in this area, but it's sort of difficult to put together the current overall picture. (This assumes that the primitives are themselves secure, and that leakage from improper implementation of the primitives can be contained in some way, e.g. no padding oracles.)

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
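As an added illustration (my own sketch, not the poster's protocol and not Kerberos itself), here is a Kerberos-style symmetric key exchange through a trusted third party in Python, with the freshness checks that a formal analysis of such a design has to model: the KDC echoes the client's nonce, the ticket carries a lifetime, the authenticator carries a timestamp, and the server keeps a replay cache. The authenticated-encryption primitive, the principal names and key sizes, and the fixed clock value are constructed for the example; time is passed in explicitly so the exchange is reproducible.

```python
import hmac, hashlib, os, json
# Toy authenticated encryption (HMAC-SHA256 keystream, encrypt-then-MAC): a constructed stdlib-only stand-in for a real AEAD.
def _ks(key, nonce, n):  # HMAC counter-mode keystream of n bytes
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]
def seal(key, obj):
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

# Kerberos-style exchange: client -> KDC (trusted third party) -> client -> server.
LTK = {"alice": os.urandom(32), "bob": os.urandom(32)}  # long-term keys each principal shares with the KDC
SEEN = set()  # server-side replay cache of authenticators seen inside the clock window

def kdc_issue(client, server, nonce, now, lifetime=300):
    """Reply: session key under K_client plus a ticket under K_server that the client cannot read or alter."""
    ks = os.urandom(32).hex()
    ticket = seal(LTK[server], {"client": client, "key": ks, "expires": now + lifetime})
    return seal(LTK[client], {"server": server, "key": ks, "nonce": nonce, "ticket": ticket.hex()})

def client_request(client, server, now):
    nonce = os.urandom(8).hex()
    rep = unseal(LTK[client], kdc_issue(client, server, nonce, now))  # simulated network hop
    if rep["nonce"] != nonce or rep["server"] != server:  # echoed nonce blocks replay of an old reply
        raise ValueError("KDC reply is not for this request")
    ks = bytes.fromhex(rep["key"])
    return bytes.fromhex(rep["ticket"]), seal(ks, {"client": client, "ts": now}), ks

def server_accept(server, ticket, authenticator, now, skew=60):
    t = unseal(LTK[server], ticket)
    if t["expires"] < now:
        raise ValueError("ticket expired")
    ks = bytes.fromhex(t["key"])
    a = unseal(ks, authenticator)  # only a holder of the session key could have built this
    if a["client"] != t["client"] or abs(a["ts"] - now) > skew:
        raise ValueError("authenticator does not match ticket or is outside the clock window")
    fp = hashlib.sha256(authenticator).digest()
    if fp in SEEN:
        raise ValueError("replayed authenticator")
    SEEN.add(fp)
    return ks

def run(now=1_700_000_000):
    ticket, auth, k_client = client_request("alice", "bob", now)
    return k_client == server_accept("bob", ticket, auth, now)  # True when both sides agree on the key
```

The replay cache only has to remember authenticators for the length of the clock window; without it, a timestamped authenticator captured on the wire stays valid for that whole window.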
