IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Newer Rev of Section 11 - was: Re: IESG feedback on core drafts.
On Tue, Apr 15, 2003 at 05:07:38AM +0300, Heikki Nousiainen wrote:
> Some observations on the discussion on the security considerations.
>
> Re: Newer Rev of Section 11 - was: Re: IESG feedback on core drafts.,
> Nicolas Williams, Fri 4/11/2003 9:22 AM
[...]
> > > I'm also not sure, but it would be nice if we could find
> > > someone who is sure -- preferably someone who can supply
> > > a citation or a more detailed rationale to support the claim.
> >
> > "Perfect forward secrecy" - see Google search:
> [...]
>
> This is not "perfect forward secrecy". From what I understand, the text
> merely points out that the transport layer provides confidentiality and
> integrity protection [given encryption and mac] for authentication
> protocol (and methods within, e.g. password authentication) running on top
> of it.
Diffie-Hellman (DH) key exchanges have PFS as a property; specifically,
keys exchanged with DH are perfectly forward secure.
SSHv2 uses DH as the basis of the key exchange and derives session keys
from the DH exchange.
Ergo SSHv2 has PFS as a property.
The text should say so since this is an important cryptographic property
of the protocol.
Cheers,
Nico
--
Home |
Main Index |
Thread Index |
Old Index