[14346] in cryptography@c2.net mail archive
Re: New authentication protocol, was Re: Tinc's response to "Linux's answer to MS-PPTP"
daemon@ATHENA.MIT.EDU (Guus Sliepen)
Tue Sep 30 16:58:02 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 29 Sep 2003 21:10:36 +0200
From: Guus Sliepen <guus@sliepen.eu.org>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Cryptography list <cryptography@metzdowd.com>
In-Reply-To: <kjk77rqvc3.fsf@romeo.rtfm.com>
--TJ9V72hR/LoebVea
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Sep 29, 2003 at 11:54:20AM -0700, Eric Rescorla wrote:
> > Well all existing authentication schemes do what they are supposed do,
> > that's not the problem. We just want one that is as simple as possible
> > (so we can understand it better and implement it more easily), and which
> > is efficient (both speed and bandwidth).
>=20
> In what way is your protocol either simpler or more efficient
> than, say, JFK or the TLS skeleton?
Compared with JFK: http://www.crypto.com/papers/jfk-ccs.pdf section 2.2
shows a lot of keys, IDs, derivatives of keys, random numbers and hashes
of various combinations of the previous, 3 public key encryptions and 2
symmetric cipher encryptions and HMACs. I do not consider that simple.
Compared with the entire TLS protocol it is much simpler, compared with
just the handshake protocol it is about as simple and probably just as
efficient, but as I said earlier, I want to get rid of the client/server
distinction.
> Again, it's important to distinguish between learning experiences
> and deployed protocols. I agree that it's worthwhile to try
> to do new protocols and let other people analyze them as
> a learning experience. But that's different from putting
> a not fully analyzed protocol into a deployed system.
[...]
> Well, I'd start by doing a back of the envelope performance
> analysis. If that doesn't show that your approach is better,
> then I'm not sure why you would wish to pursue it as a
> deployed solution.
I will not repeat our motiviations again. Please don't bother arguing
about this.
--=20
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
--TJ9V72hR/LoebVea
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/eIOoAxLow12M2nsRAj5qAJ9hONgIYTccxeifvv7TfFTsUdCUZQCgqDI0
M5cuWjhGV6xF/E2pcRc/f5A=
=dCkG
-----END PGP SIGNATURE-----
--TJ9V72hR/LoebVea--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
