tech-security archive


Re: cgd and remote keys



On Mon, Dec 31, 2007 at 05:59:04PM -0500, Greg Troxel wrote:
 >   Yeah, I was originally thinking in terms of SSL, for which one does
 >   (AFAIK) need curl or something of the sort, then designed it out.
 >   Woops.
 > 
 > I think the solution should provide perfect forward secrecy, so that
 > passively tapping the net ahead of time together with the assumed
 > physical possession doesn't get the attacker the key.  That was why I
 > suggested IPsec, although I should have explained why

Right, hence the bit about nonces that I alluded to.

-- 
David A. Holland
dholland%netbsd.org@localhost



