On Fri, 26 Sep 2003 09:10:05 -0400, Greg Troxel [EMAIL PROTECTED] wrote:
[snip]
The current canoncial
paper on how to calculate the number of bits that must be hashed away
due to detected eavesdropping and the inferred amount of undetected
eavesdropping is Defense frontier analysis of quantum
On Mon, 2003-09-29 at 06:07, Guus Sliepen wrote:
TLS makes a distinction between a client and a server. If possible I
wish to avoid making that distinction. If possible, I would also like to
continue to be able to use an RSA public/private keypair. This made me
*sketch* the following
Guus Sliepen [EMAIL PROTECTED] writes:
On Sat, Sep 27, 2003 at 07:58:14PM +0100, M Taylor wrote:
TLS makes a distinction between a client and a server. If possible I
wish to avoid making that distinction. If possible, I would also like to
continue to be able to use an RSA public/private
On Mon, Sep 29, 2003 at 07:53:29AM -0700, Eric Rescorla wrote:
I'm trying to figure out why you want to invent a new authentication
protocol rather than just going back to the literature and ripping
off one of the many skeletons that already exist (
Several reasons. Because it's fun, because
On Mon, Sep 29, 2003 at 05:57:46PM +0200, Guus Sliepen wrote:
Now, the attacker chooses 0 as his DH public. This makes ZZ always
equal to zero, no matter what the peer's DH key is.
I think you mean it is equal to 1 (X^0 is always 1).
Whoops, stupid me. Please ignore that.
--
Met
EKR writes:
I'm trying to figure out why you want to invent a new authentication
protocol rather than just going back to the literature and ripping
off one of the many skeletons that already exist (STS, JFK, IKE,
SKEME, SIGMA, etc.). That would save people from the trouble
of having to
Guus Sliepen [EMAIL PROTECTED] writes:
On Mon, Sep 29, 2003 at 07:53:29AM -0700, Eric Rescorla wrote:
I'm trying to figure out why you want to invent a new authentication
protocol rather than just going back to the literature and ripping
off one of the many skeletons that already exist (