Re: issues

To: Mika Kojo <mkojo%ssh.com@localhost>
Subject: Re: issues
From: Darren J Moffat <Darren.Moffat%Eng.Sun.COM@localhost>
Date: Mon, 19 Mar 2001 12:01:52 -0800

Mika Kojo wrote:

> Perhaps a better solution is to give the user some indication of the
> security level achieved in a particular session. Of course, it is
> difficult to measure security exactly, but this is only required to be
> a rough approximation (say, `very secure` > 2^128, `secure' > 2^80,
> `broken' <= 2^80, when measured in elementary operations).

I see it as an implmentation issue, unless you are requesting
that some definition of security quality is added to the protocol.

Personally I'd be very wary of using definitions like the above and
displaying them to a user, they seem very strong.  What I would be
happy with is displaying a warning to the user (generated either by
the client or server) if a known weak combinaition is used, but then
we shouldn't be allowing known weak combinations in the definition of
the protocol so...

--
Darren J Moffat

Follow-Ups:
- Re: issues
  - From: Mika Kojo

References:
- issues
  - From: Niels Provos
- issues
  - From: Mika Kojo

Prev by Date: issues
Next by Date: Re: issues
Previous by Thread: issues
Next by Thread: Re: issues
Indexes:

Home | Main Index | Thread Index | Old Index