-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hiya,

On 03/12/2014 09:13 PM, Michael Richardson wrote:
> 
> Stephen Farrell <[email protected]> wrote:
>> On 03/12/2014 08:47 PM, Michael Richardson wrote:
>>> The part that we are all discussing is determining how (much)
>>> to trust the DH results.
> 
>> I don't think that's a very accurate characterisation to be
>> honest.
> 
>> I think the most relevant (but intertwined) factors are:
> 
>> - trading off ease of deployment vs. endpoint authentication -
>> trading off protection against passive vs active attack - better
>> separating key exchange from endpoint authentication so that
>> traditional authentication or TOFU or whatever can be used before
>> during or after key exchange
> 
> But, you made my point.

Well yes and no, we're agreeing and almost but not quite
discussing the same things I figure, let's see if that
continues... :-)

> While the end user sees the overall benefit is: my traffic cannot be
> seen
> 
> The problems and challenges that we have are not in how or even
> when to apply AES,

Agreed.

> it's how/when to do the DH.

"How" to do DH is pretty much the same everywhere or at least
the diffs are not relevant for a generic terminology draft.

"When" is I think as-soon-as-you-can (modulo amortizing DH over
multiple "sessions" or similar).

I think our challenges are not in when to do DH but in how that
relates to when we might do what forms of endpoint authentication
(or none) and the consequences of each of those options.

That's why I think a generic terminology draft will be useful, as
there are lots of potential combinations. Naming each (or whatever)
will make it easier for protocol developers to argue about what's
suitable for their particular environments.

For example, in the limit, I think it'd be worth thinking about
whether a post-facto MITM detection protocol perhaps run a day or
two later might have value. That'd be more of a research topic
really, but could still represent a form of useful endpoint
authentication even if it only detected a MITM with, say, a 1%
probability. Think of Alice and Bob depositing a witness pair
derived from the DH secret and some HASH(shared-info + application
traffic) some place(s) so someone (else) could detect if there
was a Charlie in the middle. (BTW: I'm not sure such a useful
generic protocol exists, but it'd be fun to work it out.)

> To the end user, having the word "encryption" in the terminology is
> useful because it tells them why they should pay attention to it.

Good point. Maybe that's why folks keep coming back to OE
as a term.

> 
> To us, it's a red-herring, because it's not where the issue is.

Also true.

Cheers,
S.

> You listed the issues.
> 
> (BTW: my TLA cache is failing on "TOFU")
> 
> -- Michael Richardson <[email protected]>, Sandelman Software
> Works -= IPv6 IoT consulting for hire =-
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQEcBAEBAgAGBQJTINXHAAoJEC88hzaAX42iuwsH/jG+Iny/Ae5cEJblR09CD9CE
oPhLIMQM6eFBHiFFkz185XilNgyCUuWlAsGSEAMxNybKwZmpChf52ljhEXgE7Vx8
ULDHW8NadWp6O6V2CXie4vQM3ZAW58sgGRCqtejja3R2+DrKxgqi5gnWNxOYLt45
fzXjZYwZ1njlKPV1iLkAwrhLMj8HYOd005CNwW4owL746SV95AroZU316VfVVvB/
ehoLCHINcFJ32mFoPynPQwY/oSL89UWhSzswnkNljSC1R9dYs+eX/mEkBgFC/0Am
EptcQZ0IwS5nBf4IwWi9V2wD+phS9zMAcOhpT7oJPzguZhChF/ziVH0NwYGsibg=
=32vZ
-----END PGP SIGNATURE-----

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane

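The witness-deposit idea sketched in the message above, worked out as an added example (editor's code, not anything posted in the thread or taken from a draft). Alice and Bob each derive a witness from their own DH secret and HASH(shared-info + traffic) and deposit it independently; an auditor who later holds both witnesses learns only whether they match. The DH group, the "witness" construction and the `audit` function are all assumptions made for the illustration; the group is a toy and is not fit for real use.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Tuple

# Toy DH group: 2**127 - 1 is prime, but this size is far too small for real
# use. It only has to make Alice's and Bob's secrets differ when Charlie is
# in the middle. (Assumption for the example, not a recommendation.)
P = 2**127 - 1
G = 3


def dh_keypair() -> Tuple[int, int]:
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def witness(shared_secret: bytes, shared_info: bytes, traffic: bytes) -> bytes:
    """Witness = HMAC over HASH(shared_info || traffic), keyed from the DH secret.

    Whoever compares the two deposits sees equality or inequality of the
    underlying secrets but cannot recover the secret from the witness."""
    key = hashlib.sha256(b"witness-key" + shared_secret).digest()
    digest = hashlib.sha256(shared_info + traffic).digest()
    return hmac.new(key, digest, hashlib.sha256).digest()


class Party:
    def __init__(self, name: str) -> None:
        self.name = name
        self.priv, self.pub = dh_keypair()
        self.secret = b""

    def complete(self, peer_pub: int) -> None:
        self.secret = dh_shared(self.priv, peer_pub)


def run_session(network: Callable[[int, int], Tuple[int, int]],
                shared_info: bytes, traffic: bytes) -> Dict[str, bytes]:
    """One unauthenticated DH session followed by independent witness deposits.

    `network` is handed (alice_pub, bob_pub) and returns what each side
    actually receives: (pub_seen_by_bob, pub_seen_by_alice)."""
    alice, bob = Party("alice"), Party("bob")
    to_bob, to_alice = network(alice.pub, bob.pub)
    alice.complete(to_alice)
    bob.complete(to_bob)
    # Each end deposits its witness on its own (e.g. at different services);
    # the dict stands in for whatever the auditor later collects.
    return {
        "alice": witness(alice.secret, shared_info, traffic),
        "bob": witness(bob.secret, shared_info, traffic),
    }


def honest_network(alice_pub: int, bob_pub: int) -> Tuple[int, int]:
    return alice_pub, bob_pub


def make_mitm() -> Callable[[int, int], Tuple[int, int]]:
    """Charlie terminates both DH runs, so Alice and Bob end up with
    different secrets even though the relayed traffic looks identical."""
    def charlie(alice_pub: int, bob_pub: int) -> Tuple[int, int]:
        _, c_pub_facing_alice = dh_keypair()
        _, c_pub_facing_bob = dh_keypair()
        # Bob receives Charlie's key in place of Alice's, and vice versa.
        return c_pub_facing_bob, c_pub_facing_alice
    return charlie


def audit(deposits: Dict[str, bytes]) -> bool:
    """Post-facto check: witnesses match iff both ends share the same DH secret."""
    return hmac.compare_digest(deposits["alice"], deposits["bob"])


if __name__ == "__main__":
    info, traffic = b"session-id:0001", b"constructed sample application traffic"
    print("honest session audit:", audit(run_session(honest_network, info, traffic)))
    print("MITM session audit:  ", audit(run_session(make_mitm(), info, traffic)))
```

The check is only as good as the deposit channel: if Charlie can also intercept or replace the deposits, he simply deposits a consistent pair himself, so the witnesses have to travel by a path Charlie does not control or be bound to something he cannot forge. The "1% detection" figure in the message falls out naturally if only a random sample of sessions is ever audited; the audit itself, where it runs, is deterministic.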