Re: Newer Rev of Section 11 - was: Re: IESG feedback on core drafts.

To: Heikki Nousiainen <htn%sumu.org@localhost>
Subject: Re: Newer Rev of Section 11 - was: Re: IESG feedback on core drafts.
From: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Date: Tue, 15 Apr 2003 08:53:46 -0700

On Tue, Apr 15, 2003 at 05:07:38AM +0300, Heikki Nousiainen wrote:
> Some observations on the discussion on the security considerations.
> 
> Re: Newer Rev of Section 11 - was: Re: IESG feedback on core drafts.,
> Nicolas Williams, Fri 4/11/2003 9:22 AM

[...]
> > > I'm also not sure, but it would be nice if we could find
> > > someone who is sure -- preferably someone who can supply
> > > a citation or a more detailed rationale to support the claim.
> >
> > "Perfect forward secrecy" - see Google search:
> [...]
> 
> This is not "perfect forward secrecy". From what I understand, the text
> merely points out that the transport layer provides confidentiality and
> integrity protection [given encryption and mac] for authentication
> protocol (and methods within, e.g. password authentication) running on top
> of it.

Diffie-Hellman (DH) key exchanges have PFS as a property; specifically,
keys exchanged with DH are perfectly forward secure.

SSHv2 uses DH as the basis of the key exchange and derives session keys
from the DH exchange.

Ergo SSHv2 has PFS as a property.

The text should say so since this is an important cryptographic property
of the protocol.

Cheers,

Nico
--

Follow-Ups:
- Re: Newer Rev of Section 11 - was: Re: IESG feedback on core drafts.
  - From: Heikki Nousiainen

References:
- RE: Newer Rev of Section 11 - was: Re: IESG feedback on core drafts.
  - From: Heikki Nousiainen

Prev by Date: Re: openssh
Next by Date: Re: Newer Rev of Section 11 - was: Re: IESG feedback on core drafts.
Previous by Thread: RE: Newer Rev of Section 11 - was: Re: IESG feedback on core drafts.
Next by Thread: Re: Newer Rev of Section 11 - was: Re: IESG feedback on core drafts.
Indexes:

Home | Main Index | Thread Index | Old Index