[14348] in cryptography@c2.net mail archive
Re: New authentication protocol, was Re: Tinc's response to "Linux's answer to MS-PPTP"
daemon@ATHENA.MIT.EDU (Guus Sliepen)
Tue Sep 30 16:59:31 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 29 Sep 2003 18:59:46 +0200
From: Guus Sliepen <guus@sliepen.eu.org>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Cryptography list <cryptography@metzdowd.com>
In-Reply-To: <kju16vr1qr.fsf@romeo.rtfm.com>
--y2MHPAl/EzyWgzIZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Sep 29, 2003 at 09:35:56AM -0700, Eric Rescorla wrote:
> Was there any technical reason why the existing cryptographic
> skeletons wouldn't have been just as good?
Well all existing authentication schemes do what they are supposed do,
that's not the problem. We just want one that is as simple as possible
(so we can understand it better and implement it more easily), and which
is efficient (both speed and bandwidth).
> > And I just ripped TLS from the list.
>=20
> Define "ripped". This certainly is not the same as TLS.
Used as a skeleton. Don't ask me to define that as well.
> > Several people on this list have already demonstrated that they are very
> > willing to analyse new protocols.
>=20
> Actually, no. People are willing to take a quick look and
> then shoot bullets at your protocol.
True. I've already heard Peter Gutmann's writeup being described as
"drive-by shooting" :).
> That's not the same a sdoing a thorough analysis, which can take
> years, as Steve Bellovin has pointed out about Needham-Schroeder.
True, but we can learn even from the bullet holes.
> Look, there's nothing wrong with trying to invent new protocols,
> especially as a learning experience. What I'm trying to figure
> out is why you would put them in a piece of software rather=20
> than using one that has undergone substantial analysis unless
> your new protocol has some actual advantages. Does it?
We're trying to find that out. If we figure out it doesn't, we'll use
one of the standard protocols. We also do not know every existing
protocol, maybe we'll find one we are happy with. I'm currently decoding
RFC 2409 and trying to look if one of IKE's modes of operation does what
we want.
--=20
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
--y2MHPAl/EzyWgzIZ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/eGT8AxLow12M2nsRAsEDAJ4hpy4rib782e1FsTB8flwiO8XMTACfcmZ2
kB2p0BhZHxjW64wbXGykQP8=
=pOun
-----END PGP SIGNATURE-----
--y2MHPAl/EzyWgzIZ--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
