IETF-SSH archive
Re: implicit authentication and waiting for service request response
On Mon, 2004-11-08 at 10:20, denis bider wrote:
> I'm probably lacking background here to understand this, but if I lack the
> background after working in SSH for years, this will also be a mystery to
> new implementors. I'd like this to be clear and explicit enough at least for
> me to understand it.
The server authentication is "implicit" because the client doesn't know
whether the server successfully did its part of the key exchange until
the client receives a subsequent message from the server, not part of
the key exchange, which demonstrates knowledge of K by the server.
(Kerberos can be used this way)
> : A key exchange method uses "implicit server
> : authentication" if, in order to prove its authenticity, the server
> : also has to prove that it knows the shared secret K, by sending a
> : message and a corresponding MAC which the client can verify. [1]
I'd suggest changing "by sending a message" to "by sending a subsequent
message"
- Bill
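
The check described in the message above, as an added example that is not part of the original post or of any SSH implementation: the client treats the server as authenticated only once a subsequent message carries a MAC that verifies under a key derived from K. The key derivation, the class and function names, and the sample values are simplified assumptions, not the SSH wire format.

```python
import hashlib
import hmac

def derive_mac_key(k: bytes, h: bytes) -> bytes:
    # Assumption: toy derivation of the server-to-client MAC key, not SSH's own.
    return hashlib.sha256(k + h + b"server-to-client-mac").digest()

def mac_for(key: bytes, seq: int, payload: bytes) -> bytes:
    # The sequence number is covered by the MAC, so a replayed message fails.
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()

class Client:
    def __init__(self, k: bytes, h: bytes):
        self._key, self._seq = derive_mac_key(k, h), 0
        self.server_authenticated = False  # finishing the exchange proves nothing yet

    def receive(self, payload: bytes, tag: bytes) -> bytes:
        if not hmac.compare_digest(mac_for(self._key, self._seq, payload), tag):
            raise ValueError("bad MAC: peer has not demonstrated knowledge of K")
        self._seq += 1
        self.server_authenticated = True  # first valid MAC is the implicit proof
        return payload

    def send_sensitive(self, data: bytes) -> bytes:
        if not self.server_authenticated:
            raise RuntimeError("wait for the server's first MACed message")
        return data

def server_message(k: bytes, h: bytes, seq: int, payload: bytes):
    return payload, mac_for(derive_mac_key(k, h), seq, payload)

# Constructed sample values, not taken from any real session.
K, H = b"constructed-shared-secret", b"constructed-exchange-hash"
FIRST_REPLY = b"SERVICE_ACCEPT ssh-userauth"

def outcome(fn, *args) -> str:
    try:
        fn(*args)
        return "ok"
    except (ValueError, RuntimeError) as exc:
        return type(exc).__name__

def demo() -> dict:
    client = Client(K, H)
    early = outcome(client.send_sensitive, b"secret")  # before any proof of K
    impostor = outcome(client.receive, *server_message(b"wrong-secret", H, 0, FIRST_REPLY))
    genuine = outcome(client.receive, *server_message(K, H, 0, FIRST_REPLY))
    return {"send_before_proof": early, "impostor": impostor,
            "genuine": genuine, "authenticated": client.server_authenticated}
```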