Also manually forwarded on behalf of Peter Gutmann. As before, if you
reply, don't credit me with the text, it is his.
From pgut001 Fri Mar 26 14:44:54 2010
To: b...@links.org, nicolas.willi...@sun.com
Subject: Re: Against Rekeying
Cc: cryptography@metzdowd.com, pe...@piermont.com, si
On Fri, Mar 26, 2010 at 10:22:06AM -0400, Peter Gutmann wrote:
I missed that in his blog post as well. An equally big one is the SSHv2
rekeying fiasco, where for a long time an attempt to rekey across two
different implementations typically meant drop the connection, and it still
does for the
Nicolas Williams nicolas.willi...@sun.com writes:
I made much the same point, but just so we're clear, SSHv2 re-keying has been
interoperating widely since 2005. (I was at Connectathon, and while the
details of Cthon testing are proprietary, I can generalize and tell you that
interop in this
On Sat, Mar 27, 2010 at 12:31:45PM +1300, Peter Gutmann (alt) wrote:
Nicolas Williams nicolas.willi...@sun.com writes:
I made much the same point, but just so we're clear, SSHv2 re-keying has been
interoperating widely since 2005. (I was at Connectathon, and while the
details of Cthon
On Mar 23, 2010, at 11:21 AM, Perry E. Metzger wrote:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
I'd be interested in hearing what people
--
From: Perry E. Metzger pe...@piermont.com
Subject: Against Rekeying
I'd be interested in hearing what people think on the topic. I'm a bit
skeptical of his position, partially because I think we have too little
experience with real world
Perry E. Metzger pe...@piermont.com writes:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
I'd be interested in hearing what people think on the
Seems people like bottom post around here.
On Tue, Mar 23, 2010 at 8:51 PM, Nicolas Williams
nicolas.willi...@sun.com wrote:
On Tue, Mar 23, 2010 at 10:42:38AM -0500, Nicolas Williams wrote:
On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote:
Ekr has an interesting blog post up
On Mar 23, 2010, at 22:42, Jon Callas wrote:
If you need to rekey, tear down the SSL connection and make a new one. There
should be a higher level construct in the application that abstracts the two
connections into one session.
... which will have its own subtleties and hence probability
On Mar 24, 2010, at 2:07 AM, Stephan Neuhaus wrote:
On Mar 23, 2010, at 22:42, Jon Callas wrote:
If you need to rekey, tear down the SSL connection and make a new one. There
should be a higher level construct in the application that abstracts the two
connections into one session.
I think the problem is more marketing and less technology. Some
marketoid somewhere decided to say that their product supports rekeying
(they usually call it key agility). Probably because they read
somewhere that you should change your password frequently (another
misconception, but that's
On 24/03/2010 08:28, Simon Josefsson wrote:
Perry E. Metzger pe...@piermont.com writes:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
I'd be
On Thu, Mar 25, 2010 at 01:24:16PM +, Ben Laurie wrote:
Note, however, that one of the reasons the TLS renegotiation attack was
so bad in combination with HTTP was that reauthentication did not result
in use of the new channel to re-send the command that had resulted in a
need for
On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
On Mar 23, 2010, at 4:23 PM, Adam
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
I'd be interested in hearing what people think on the topic. I'm a bit
skeptical of his position,
On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
I'd be interested in hearing what
On 3/23/10 at 8:21 AM, pe...@piermont.com (Perry E. Metzger) wrote:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
http://www.educatedguesswork.org/2010/03/against_rekeying.html
I'd be interested in hearing
On Tue, Mar 23, 2010 at 10:42:38AM -0500, Nicolas Williams wrote:
On Tue, Mar 23, 2010 at 11:21:01AM -0400, Perry E. Metzger wrote:
Ekr has an interesting blog post up on the question of whether protocol
support for periodic rekeying is a good or a bad thing:
I'd be interested in hearing what people think on the topic. I'm a bit
skeptical of his position, partially because I think we have too little
experience with real world attacks on cryptographic protocols, but I'm
fairly open-minded at this point.
I think that if anything, he doesn't go far
In anon-ip (a zero-knowledge systems internal project) and cebolla [1]
we provided forward-secrecy (aka backward security) using symmetric
re-keying (key replaced by hash of previous key). (Backward and
forward security as defined by Ross Anderson in [2]).
But we did not try to do forward
20 matches
Mail list logo
