tech-security archive
Re: cgd and remote keys
On Mon, Dec 31, 2007 at 05:59:04PM -0500, Greg Troxel wrote:
> Yeah, I was originally thinking in terms of SSL, for which one does
> (AFAIK) need curl or something of the sort, then designed it out.
> Woops.
>
> I think the solution should provide perfect forward secrecy, so that
> passively tapping the net ahead of time together with the assumed
> physical possession doesn't get the attacker the key. That was why I
> suggested IPsec, although I should have explained why
Right, hence the bit about nonces that I alluded to.
--
David A. Holland
dholland%netbsd.org@localhost